CVE-2021-31316 Scanner

CVE-2021-31316 Scanner - SQL Injection vulnerability in CentOS Web Panel

Short Info

Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 17 days 8 hours
Scan only one: Domain, IPv4, Subdomain
Toolbox: -

CentOS Web Panel (CWP) is a widely used control panel designed for web hosting management. It simplifies the administration of Linux servers, providing an intuitive interface for managing domains, file storage, and server configurations. CWP is commonly used by web hosting providers and system administrators for efficient server management.

This vulnerability is a SQL Injection (SQLi) flaw in the `idsession` parameter of the `login/index.php` endpoint. By crafting malicious SQL statements, attackers can execute unauthorized queries against the underlying database. The issue arises from improper validation of user-supplied input.

Technical analysis shows that the vulnerability exists in the HTTP POST parameter `idsession`. Attackers can inject SQL payloads that interact with the database, potentially exposing sensitive data or altering database contents. This critical vulnerability can be exploited remotely without prior authentication.

If successfully exploited, this vulnerability can lead to unauthorized data access, modification, or deletion. Attackers may retrieve sensitive information, such as user credentials, or compromise the entire database structure. The potential impact includes service disruption, data leaks, and significant reputational harm for affected organizations.
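Because the flaw sits in a single unauthenticated POST parameter, a defender can screen that parameter before it reaches the panel. The following is an added example, not code from CWP or from this scanner: a request filter that rejects any `idsession` value that is not a plain token. The token pattern, the function names and the sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: a legitimate idsession is a short alphanumeric token. The page
# does not document CWP's real format, so adjust the pattern to your panel.
IDSESSION_RE = re.compile(r"[A-Za-z0-9]{1,128}")
LOGIN_PATH = "/login/index.php"  # endpoint named on the page


def check_request(method, url, body):
    """Return (verdict, reason) for one request; verdict is 'allow' or 'block'."""
    # Collapse repeated slashes so /login//index.php is treated as the same path.
    path = re.sub(r"/+", "/", urlsplit(url).path)
    if method.upper() != "POST" or not path.endswith(LOGIN_PATH):
        return ("allow", "not a POST to the login endpoint")
    # parse_qs URL-decodes values, so an encoded quote (%27) is judged like a raw one.
    values = parse_qs(body, keep_blank_values=True).get("idsession", [])
    if not values:
        return ("allow", "no idsession parameter")
    if len(values) > 1:
        # Repeated parameters can make the filter and the application disagree.
        return ("block", "idsession supplied more than once")
    if not IDSESSION_RE.fullmatch(values[0]):
        return ("block", "idsession is not a plain token")
    return ("allow", "idsession is well-formed")


# Constructed sample requests (method, URL, form-encoded body); not real traffic.
SAMPLES = [
    ("POST", "/login/index.php", "username=admin&idsession=a1B2c3D4"),
    ("POST", "/login/index.php", "username=admin&idsession=abc%27--"),
    ("POST", "/login//index.php", "idsession=abc&idsession=abc%27--"),
    ("GET", "/login/index.php?idsession=abc", ""),
]


def scan(samples):
    """Run check_request over every sample and return the list of verdicts."""
    return [check_request(*sample)[0] for sample in samples]


if __name__ == "__main__":
    for sample, verdict in zip(SAMPLES, scan(SAMPLES)):
        print(verdict, sample)
```

A filter like this is a compensating control in front of the panel; it does not replace fixing how the application builds its queries.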
