Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
aaPanel through 6.8.12 allows Cross-Site WebSocket Hijacking (CSWH) involving OS commands within WebSocket messages at a ws:// URL for /webssh (the victim must have configured Terminal with at least one host). Successful exploitation depends on the browser used by a potential victim (e.g., exploitation can occur with Firefox but not Chrome).
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
aaPanel 安全漏洞
Vulnerability Description
aaPanel是一款开源的主机控制面板。 aaPanel LinuxStable 6.8.12存在安全漏洞,该漏洞允许攻击者进行跨站点 WebSocket 劫持 (CSWH),以及 WebSocket 消息中的操作系统命令。
CVSS Information
N/A
Vulnerability Type
N/A