CVE-2020-14950

aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a modified /system?action=ServiceAdmin request start, stop, or restart to the setting menu of Sotfware Store...