Title:CentOS Web Panel SQL注入漏洞 (CVE-2021-31316) Description:CentOS Web Panel(CWP)是Control Web Panel社区的一款免费的虚拟主机控制面板。 CentOS Web Panel 存在SQL注入漏洞,该漏洞允许非特权用户通过idsession这个HTTP POST参数进行攻击。
Description
The unprivileged user portal part of CentOS Web Panel is affected by a SQL Injection via the 'idsession' HTTP POST parameter.
1. It is advised to access via the original source first.2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.