CVE-2021-31324 Scanner
CVE-2021-31324 Scanner - OS Command Injection vulnerability in CentOS Web Panel
Short Info
Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 16 days 7 hours
Scan only one: Domain, IPv4, Subdomain
Toolbox: -
CentOS Web Panel (CWP) is a widely used web hosting control panel designed to provide an intuitive interface for managing server resources and websites. It is utilized by system administrators and hosting providers for tasks like domain management, file management, and server monitoring. Its simplicity and feature set make it a popular choice for hosting environments, especially in Linux-based infrastructures.
The detected vulnerability is an OS Command Injection flaw in the unprivileged user portal of CentOS Web Panel. It allows remote attackers to execute arbitrary OS commands with root privileges by sending specially crafted HTTP requests, which is enough to compromise the server fully.
Technically, the `idsession` parameter of the `login/index.php` endpoint is not properly sanitized or validated. Commands injected through this parameter are executed with root privileges. The flaw is rated critical because it yields remote code execution with minimal effort.
If exploited, this vulnerability can lead to full system compromise, including unauthorized access to sensitive data, server control, and potential deployment of malware. It poses a severe risk to the confidentiality, integrity, and availability of the server and hosted services.