CNNVD-202509-3042 Information

CNNVD ID

CNNVD-202509-3042

Related CVE

CVE-2025-48703

• CNNVD Published: 2025-09-19

Description (Chinese)

Control Web Panel是一款Linux虚拟主机控制面板。 Control Web Panel 0.9.8.1205之前版本存在操作系统命令注入漏洞，该漏洞源于filemanager changePerm请求中t_total参数包含shell元字符，可能导致远程代码执行。

Description (English)

Control Web Panel is a Linux virtual mainframe control panel. There was a loophole in the operating system command prior to control Web Panel 0.9.8.1205 from the t total parameter contained in the filemanager changePerm request containing shell characters that could lead to remote code execution.

Hazard Level

High

Vulnerability Type

操作系统命令注入

Affected Vendor

Conventional Changelog

Published

2025-09-19

Last Modified

2026-02-24

References

https://fenrisk.com/rce-centos-webpanel https://access.redhat.com/security/cve/cve-2025-48703

Patch

https://control-webpanel.com/installation-instructions#step4