In CWP (aka Control Web Panel or CentOS Web Panel) prior to 0.9.8.1107, attackers can make a crafted request to api/?api=add_server&DHCP= to add an authorized_keys text file in the /resources/ folder.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
control-webpanel webpanel |