20 matches found
Malicious NGINX Configurations Enable Large-Scale Web Traffic Hijacking Campaign
Cybersecurity researchers have disclosed details of an active web traffic hijacking campaign that has targeted NGINX installations and management panels like Baota BT in an attempt to route that traffic through the attacker's infrastructure. Datadog Security Labs said it observed threat actors associated...
CVE-2025-12914
A vulnerability has been found in aaPanel BaoTa up to 11.2.x. This vulnerability affects unknown code of the file /database?action=GetDatabaseAccess of the component Backend. The manipulation of the argument Name leads to SQL injection. The attack can be initiated remotely. The exploit has been...
EUVD-2025-38377
A vulnerability has been found in aaPanel BaoTa up to 11.1.0. This vulnerability affects unknown code of the file /database?action=GetDatabaseAccess of the component Backend. The manipulation of the argument Name leads to SQL injection. The attack can be initiated remotely. The exploit has been...
CVE-2025-12914
A vulnerability has been found in aaPanel BaoTa up to 11.2.x. This vulnerability affects unknown code of the file /database?action=GetDatabaseAccess of the component Backend. The manipulation of the argument Name leads to SQL injection. The attack can be initiated remotely. The exploit has been...
CVE-2025-12914
CVE-2025-12914 affects aaPanel BaoTa Backend, specifically the /database?action=GetDatabaseAccess endpoint. The vulnerability arises from manipulation of the Name parameter, enabling SQL injection. Exploitation is possible remotely, and multiple sources note the vulnerability and that upgrading t...
CVE-2025-12914 aaPanel BaoTa Backend database SQL injection
A vulnerability has been found in aaPanel BaoTa up to 11.2.x. This vulnerability affects unknown code of the file /database?action=GetDatabaseAccess of the component Backend. The manipulation of the argument Name leads to SQL injection. The attack can be initiated remotely. The exploit has been...
CVE-2025-12914 aaPanel BaoTa Backend database SQL injection
A vulnerability has been found in aaPanel BaoTa up to 11.2.x. This vulnerability affects unknown code of the file /database?action=GetDatabaseAccess of the component Backend. The manipulation of the argument Name leads to SQL injection. The attack can be initiated remotely. The exploit has been...
BaoTa SQL Injection Vulnerability
BaoTa is a Linux Ops panel by an individual developer at aapanel.com. A SQL injection vulnerability exists in BaoTa version 11.1.0 and earlier, which stems from incorrect manipulation of the parameter Name in the file /database?action=GetDatabaseAccess, which could lead to a SQL injection attack...
PT-2025-45570
Name of the Vulnerable Software and Affected Versions: aaPanel BaoTa versions prior to 11.1.1. Description: A SQL injection issue exists in aaPanel BaoTa. The issue is located in the Backend component, specifically within the /database?action=GetDatabaseAccess endpoint. Manipulation of the Name...
EUVD-2022-51689
Malicious code in bioql PyPI...
CVE-2022-4336
In BAOTA Linux panel there exists a stored XSS vulnerability that attackers can use to obtain sensitive information via the log analysis feature...
CVE-2022-4336
In BAOTA Linux panel there exists a stored XSS vulnerability that attackers can use to obtain sensitive information via the log analysis feature...
CVE-2022-4336
In BAOTA Linux panel there exists a stored XSS vulnerability that attackers can use to obtain sensitive information via the log analysis feature...
Cross-site scripting
In BAOTA Linux panel there exists a stored XSS vulnerability that attackers can use to obtain sensitive information via the log analysis feature...
CVE-2022-4336
In BAOTA Linux panel there exists a stored XSS vulnerability that attackers can use to obtain sensitive information via the log analysis feature...
CVE-2022-4336
In BAOTA Linux panel there exists a stored XSS vulnerability that attackers can use to obtain sensitive information via the log analysis feature...
PT-2022-26868 · Unknown · Baota Linux Panel
Name of the Vulnerable Software and Affected Versions: BAOTA Linux panel, affected versions not specified. Description: The issue is related to a stored XSS vulnerability in the BAOTA Linux panel. Attackers can exploit this to obtain sensitive information through the log analysis feature...
CVE-2022-4336
CVE-2022-4336 describes a stored cross-site scripting vulnerability in the BAOTA Linux Panel, exploitable via the log analysis feature to obtain sensitive information. Affected software is BAOTA Linux Panel; the underlying issue is a stored XSS flaw in the log analysis workflow. The provided sour...
BAOTA Cross-Site Scripting Vulnerability
BAOTA linux is a simple and easy-to-use Linux server operation and management panel from China Pagoda Panel BAOTA company. A security vulnerability exists in BAOTA. An attacker can exploit this vulnerability to obtain sensitive information through the log analysis function...
XSS Vulnerability in Pagoda Linux Panel of Guangdong Pagoda Security Technology Co.
Pagoda Linux Panel is server management software that improves the efficiency of operation and maintenance. An XSS vulnerability exists in the Baota Linux panel of Guangdong Baota Security Technology Co. Ltd, which can be exploited by attackers to compromise confidentiality and integrity...