In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, a hidden action=9 feature in filemanager2.php allows attackers to execute a shell command, i.e., obtain a reverse shell with user privilege.
CPE | Name | Operator | Version |
---|---|---|---|
centos_web_panel | eq | 0.9.8.846 |