WPanel 4 4.3.1 and Below: Multiple Remote Code Execution (RCE) Vulnerabilities via Malicious PHP File Upload

WPanel 4 4.3.1 and Below: Multiple Remote Code Execution (RCE) Vulnerabilities via Malicious PHP File Upload

CVE-2021-34257 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Multiple Remote Code Execution (RCE) vulnerabilities exist in WPanel 4 4.3.1 and below via a malicious PHP file upload to (1) Dashboard's Avatar image, (2) Posts Folder image, (3) Pages Folder image and (4) Gallery Folder image.

Learn more about our Web Application Penetration Testing UK.