ajenti.plugin.plugins has insecure permissions when downloading plugins. An attacker who knows how the request is made can download and install any plugin to the server, because there is no check to ensure that the user downloading the plugin is an admin. Attackers could exploit this vulnerability to install malicious plugins.
CPE

Name | Operator | Version
---|---|---
ajenti.plugin.plugins | le | 0.47
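
The missing admin check described above, modelled as an added example (not Ajenti's code): an install handler without a role check beside a guarded one, plus a regression check that lists routes lacking a role requirement. Every name here (`route`, `require_role`, the paths, the session dict) is hypothetical and does not reflect Ajenti's real API.

```python
# Added illustration: hypothetical names throughout, not Ajenti's real API.
from functools import wraps

ROUTES = {}      # path -> handler
INSTALLED = []   # stands in for the server's set of installed plugins


class Forbidden(Exception):
    """Raised when the caller lacks the required role (an HTTP 403)."""


def route(path):
    def register(fn):
        ROUTES[path] = fn
        return fn
    return register


def require_role(role):
    """Reject the request before the handler body runs unless the session holds `role`."""
    def decorate(fn):
        @wraps(fn)
        def guarded(session, *args):
            if role not in session.get("roles", ()):
                raise Forbidden(f"{fn.__name__} requires role {role!r}")
            return fn(session, *args)
        guarded.required_role = role  # marker read by unguarded_routes()
        return guarded
    return decorate


@route("/plugins/install-unchecked")  # the flaw: any caller reaches the installer
def install_unchecked(session, name):
    INSTALLED.append(name)
    return 200


@route("/plugins/install")            # the fix: the role check runs first
@require_role("admin")
def install_checked(session, name):
    INSTALLED.append(name)
    return 200


def unguarded_routes():
    """Regression check: list registered routes that carry no role requirement."""
    return sorted(p for p, fn in ROUTES.items() if not hasattr(fn, "required_role"))
```

Running `unguarded_routes()` in a test suite turns a forgotten authorization decorator on a state-changing handler into a failing build rather than a finding in production.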