Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ZPanel <= 10.0.0.2 htpasswd Module Username Command Execution
Vulnerability Description
A remote command execution vulnerability exists in ZPanel version 10.0.0.2 in its htpasswd module. When creating .htaccess files, the inHTUsername field is passed unsanitized to a system() call that invokes the system’s htpasswd binary. By injecting shell metacharacters into the username field, an authenticated attacker can execute arbitrary system commands. Exploitation requires a valid ZPanel account—such as one in the default Users, Resellers, or Administrators groups—but no elevated privileges.
CVSS Information
N/A
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
zpanelx 安全漏洞
Vulnerability Description
zpanelx是The ZPanel Project开源的一个web托管控制面板。 zpanelx 10.0.0.2版本存在安全漏洞,该漏洞源于htpasswd模块输入清理不足,可能导致远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A