mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-07 19:16:22 +00:00
750 B
750 B
CVE-2020-28657
Description
In bPanel 2.0, the administrative ajax endpoints (aka ajax/aj_*.php) are accessible without authentication and allow SQL injections, which could lead to platform compromise.
POC
Reference
- https://github.com/blackarrowsec/advisories/tree/master/2020/CVE-2020-28657
- https://github.com/blackarrowsec/advisories/tree/master/2020/CVE-2020-28657
Github
No PoCs found on GitHub currently.