CVE-2020-14421
HIGHaaPanel <6.6.6 - Command Injection
Title source: llmDescription
aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via the Script Content box on the Add Cron Job screen.
Scores
CVSS v3
7.2
EPSS
0.0945
EPSS Percentile
92.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Classification
CWE
CWE-88
Status
published
Affected Products (1)
aapanel/aapanel
< 6.6.6
Timeline
Published
Jun 18, 2020
Tracked Since
Feb 18, 2026