WPanel 4 4.3.1 and Below: Multiple Remote Code Execution (RCE) Vulnerabilities via Malicious PHP File Upload
CVE-2021-34257 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Multiple Remote Code Execution (RCE) vulnerabilities exist in WPanel 4 4.3.1 and below via a malicious PHP file upload to (1) Dashboard's Avatar image, (2) Posts Folder image, (3) Pages Folder image and (4) Gallery Folder image.
Learn more about our Web Application Penetration Testing UK.