CVE-2023-35885 Scanner
Detects 'Remote Code Execution (RCE)' vulnerability in CloudPanel affects v. 2 before 2.3.1.
Short Info
Level
Critical
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 second
Time Interval
1 month
Scan only one
Domain, Ipv4
Toolbox
-
CloudPanel is a web hosting control panel that enables users to manage their hosting environment efficiently. It combines various features and tools to help users maintain their website securely and effortlessly. Whether you are running a modest website or a complex web application, CloudPanel has the necessary features to manage your hosting environment with ease.
Recently, cybersecurity researchers discovered a vulnerability in the CloudPanel, known as CVE-2023-35885. This vulnerability relates to an insecure file-manager cookie authentication that potentially exposes users’ data and information to cyber-criminals. This particular vulnerability gives attackers an opportunity to gain unauthorized access to a user's CloudPanel instance by stealing the authentication token through manipulating cookies.
If exploited, an attacker can potentially access sensitive information, compromise legitimate accounts, and perform various malicious activities on a user's hosting environment. This includes manipulating files, stealing data, and even spreading malware. The impact of such activities can be catastrophic for a company's reputation and financial standing.
s4e.io is a platform that provides a range of pro features that can help users easily and quickly learn about vulnerabilities in their digital assets. Subscribing to this platform can help users to stay informed about the latest vulnerabilities that threaten their digital assets and obtain expert advice on how to protect them. s4e.io also provides users with practical steps to take in mitigating vulnerabilities detected in their digital assets.
REFERENCES