all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Control Web Panel Unauthenticated Remote Command Execution

Add to bookmarks
Jan. 31, 2023, 5:19 p.m. |

Packet Storm packetstormsecurity.com

Control Web Panel versions prior to 0.9.8.1147 are vulnerable to unauthenticated OS command injection. Successful exploitation results in code execution as the root user. The results of the command are not contained within the HTTP response and the request will block while the command is running.

block code code execution command command injection control control web panel exploitation http injection panel request response results root vulnerable web

Visit resource

More from packetstormsecurity.com / Packet Storm

Debian Security Advisory 5665-1 19 hours ago | packetstormsecurity.com
advisory debian debian linux security engine +7
Debian Security Advisory 5664-1 19 hours ago | packetstormsecurity.com
advisory attackers can clients +20
Elber Wayber Analog/Digital Audio STL 4.00 Insecure Direct Object Reference 19 hours ago | packetstormsecurity.com
audio client client-side configuration +11
Elber Wayber Analog/Digital Audio STL 4.00 Authentication Bypass 19 hours ago | packetstormsecurity.com
access attackers audio authentication +15
Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Insecure Direct Object Reference 19 hours ago | packetstormsecurity.com
client client-side configuration device +12
Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Authentication Bypass 19 hours ago | packetstormsecurity.com
access attackers authentication authentication bypass +16
Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Insecure Direct Object Reference 19 hours ago | packetstormsecurity.com
client client-side configuration device +10
Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Authentication Bypass 19 hours ago | packetstormsecurity.com
access attackers authentication authentication bypass +14
Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Insecure Direct Object Reference 19 hours ago | packetstormsecurity.com
1.0.0 broadcast client client-side +14

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Information Systems Security Officer (ISSO), Junior

@ Dark Wolf Solutions | Remote / Dark Wolf Locations
View on infosec-jobs.com

Cloud Security Engineer

@ ManTech | REMT - Remote Worker Location
View on infosec-jobs.com

SAP Security & GRC Consultant

@ NTT DATA | HYDERABAD, TG, IN
View on infosec-jobs.com

Security Engineer 2 - Adversary Simulation Operations

@ Datadog | New York City, USA
View on infosec-jobs.com
View more jobs