Critical Bugs in Control Web Panel Expose Linux Servers to RCE Attacks

LASER_oneXM

Level 37
Thread author
Verified
Top poster
Well-known
Feb 4, 2016
2,520
Researchers have disclosed details of two critical security vulnerabilities in Control Web Panel that could be abused as part of an exploit chain to achieve pre-authenticated remote code execution on affected servers. Tracked as CVE-2021-45467, the issue concerns a case of a file inclusion vulnerability, which occurs when a web application is tricked into exposing or running arbitrary files on the web server.
Control Web Panel, previously CentOS Web Panel, is an open-source Linux control panel software used for deploying web hosting environments.