In bPanel 2.0, the administrative ajax endpoints (aka ajax/aj_*.php) are accessible without authentication and allow SQL injections, which could lead to platform compromise.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
bittacora bpanel 2.0 |