GHSA-r77p-2f23-mhhj
GitHub Security Advisory
⚠ Unreviewed
HIGH
Has CVE
Advisory Details
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_ftp_manager.php. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9746.
Related CVEs
Key Information
7.5
/10
Dataset
Last updated: July 12, 2025 6:29 AM
Data from GitHub Advisory Database. This information is provided for research and educational purposes.