GCVE - cpe:2.3:a:aapanel:aapanel:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:aapanel:aapanel:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Aapanel (`2c58d342-62d5-5d4c-b34a-1e5a15c9d356`)
Product	Aapanel (`8bd148a4-28ef-5457-8130-510bca750027`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:docker/aapanel/aapanel`	purl2cpe	2026-06-01 10:11:34.852724
`pkg:github/aapanel/aapanel`	purl2cpe	2026-06-01 10:11:34.852727

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-42922`	vulnerable	2026-06-03 14:56:43.053750	Details available AAPanel v7.0.7 was discovered to contain an OS command injection vulnerability. Published: 2025-05-21T00:00:00.000Z Updated: 2025-05-21T17:51:00.960Z Open on db.gcve.eu Reference links https://gist.github.com/mstfsec/c4c05ddfb1cf8779422ff780587723c8	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-37840`	vulnerable	2026-06-03 14:45:01.146640	Details available aaPanel through 6.8.12 allows Cross-Site WebSocket Hijacking (CSWH) involving OS commands within WebSocket messages at a ws:// URL for /webssh (the victim must have configured Terminal with at least one host). Successful exploitation depends on the browser used by a potential victim (e.g., exploitation can occur with Firefox but not Chrome). Published: 2021-08-02T13:53:57.000Z Updated: 2024-08-04T01:30:08.582Z Open on db.gcve.eu Reference links https://github.com/aaPanel/aaPanel/issues/74 https://ssd-disclosure.com/ssd-advisory-aapanel-cswh-to-rce/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-14950`	vulnerable	2026-06-03 14:41:45.008123	Details available aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a modified /system?action=ServiceAdmin request (start, stop, or restart) to the setting menu of Sotfware Store. Published: 2020-06-21T15:58:33.000Z Updated: 2024-08-04T13:00:52.108Z Open on db.gcve.eu Reference links https://github.com/jenaye/aapanel	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-14421`	vulnerable	2026-06-03 14:41:43.705051	Details available aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via the Script Content box on the Add Cron Job screen. Published: 2020-06-18T12:51:09.000Z Updated: 2024-08-04T12:46:34.393Z Open on db.gcve.eu Reference links https://github.com/jenaye/aapanel https://forum.aapanel.com http://packetstormsecurity.com/files/159575/aaPanel-6.6.6-Privilege-Escalation.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.