Vulnerabilities > Aapanel > Aapanel > 6.2.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-02 | CVE-2021-37840 | Unspecified vulnerability in Aapanel aaPanel through 6.8.12 allows Cross-Site WebSocket Hijacking (CSWH) involving OS commands within WebSocket messages at a ws:// URL for /webssh (the victim must have configured Terminal with at least one host). network aapanel | 6.8 |
| 2020-06-21 | CVE-2020-14950 | Improper Input Validation vulnerability in Aapanel aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a modified /system?action=ServiceAdmin request (start, stop, or restart) to the setting menu of Sotfware Store. | 6.5 |
| 2020-06-18 | CVE-2020-14421 | Argument Injection or Modification vulnerability in Aapanel aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via the Script Content box on the Add Cron Job screen. | 7.2 |