Vulnerabilities > CVE-2022-48079 - Unspecified vulnerability in Mengnai Aapanel Host System 1.5

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

mengnai

critical

NVD

Published: 2023-02-02

Updated: 2023-02-08

Summary

Monnai aaPanel host system v1.5 contains an access control issue which allows attackers to escalate privileges and execute arbitrary code via uploading a crafted PHP file to the virtual host directory of the system.

Vulnerable Configurations

Part	Description	Count
Application	Mengnai Mengnai Aapanel Host System 1.5	1

References

http://mf.mengnai.top/
https://thanatosxingyu.github.io/