ajenti-panel@0.12 vulnerabilities
Ajenti core based panel
-
latest version
2.2.10
-
first published
10 years ago
-
latest version published
9 months ago
-
licenses detected
- [0,)
Direct Vulnerabilities
Known vulnerabilities in the ajenti-panel package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
ajenti-panel is Ajenti core based panel. Affected versions of this package are vulnerable to Information Exposure. It can result in user and system enumeration as well as exposure of data from the How to fix Information Exposure? There is no fix version for |
[0,)
|
ajenti-panel is Ajenti core based panel. Affected versions of this package are vulnerable to Improper Error Handling in the Login JSON request. It can result in The requisition leaks a path of the server. This attack appear to be exploitable via By sending a malformed JSON, the tool responds with a traceback error that leaks a path of the server. How to fix Improper Error Handling? There is no fix version for |
[0,)
|
ajenti-panel is Ajenti core based panel. Affected versions of this package are vulnerable to Insecure Permissions in the Plugins download. It can result in The download of any plugins as being a normal user. This attack appear to be exploitable via By knowing how the requisition is made, and sending it as a normal user, the server, in response, downloads the plugin. How to fix Insecure Permissions? There is no fix version for |
[0,)
|
ajenti-panel is Ajenti core based panel. Affected versions of this package are vulnerable to Improper Input Validation in the How to fix Improper Input Validation? There is no fix version for |
[0,)
|
ajenti-panel is Ajenti core based panel. Affected versions of this package are vulnerable to Cross ite Request Forgery (CSRF) in the command execution panel of the tool used to manage the server. This attack appear to be exploitable via Being a CSRF, victim interaction is needed, when the victim access the infected trigger of the CSRF any code that match the victim privledges on the server can be executed. How to fix Cross-site Request Forgery (CSRF)? There is no fix version for |
[0,)
|