Ajenti exploit. It is advisable to upgrade the affected component. Ajenti version 2 contains an Information Disclosure vulnerability in Line 176 of the code source that can result in user and system enumeration as well as data from the /etc/ajenti/config.yml file. Jun 10, 2022 · Affected versions of this package are vulnerable to Remote Code Execution (RCE) in os auth provider. }, 'Author' => [ 'Jeremy Brown', # Vulnerability discovery 'Onur ER <onur@onurer. webapps exploit for Python platform Feb 26, 2026 · Ajenti is a Linux and BSD modular server admin panel. 13, an unauthenticated user could gain access to a server to execute arbitrary code on this server. settings ajenti. Jun 9, 2022 · Enrichment data supplied by the NVD may require amendment due to these changes. plugin Oct 30, 2019 · Ajenti 2. A vulnerability has been found in ajenti 2. Tested Ajenti 2. One can locally monitor executed commands on the server while testing. 36 - Remote Code Execution (Authenticated). 1. 31. The percentile measures the EPSS probability relative to all known EPSS scores. CVE-2026-27975 Ajenti has a potential Remote Code Execution Ajenti is a Linux and BSD modular server admin panel. Jun 10, 2022 · Remote Code Execution (RCE) Affecting ajenti package, versions [0,] The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. Oct 18, 2019 · A vulnerability, which was classified as critical, has been found in ajenti 2. . webapps exploit for Python platform This module exploits a command injection in Ajenti == 2. webapps exploit for JSON platform This module exploits a command injection in Ajenti <= 2. 31 and classified as critical. Oct 14, 2019 · Ajenti 2. Prior to version 2. Oct 23, 2020 · Ajenti 2. 31 – Remote Code Execution Ajenti is a web control panel written in Python and AngularJS. plugin.
Description This module exploits a command injection in Ajenti == 2. Jan 14, 2020 · ajenti-panel -v Ajenti Panel consists of plugins developed for the Ajenti Core and a startup script, together with providing a server administration panel experience, this command will start Ajenti server in a verbose debug mode. This vulnerability affects unknown code of the component API. 13 Oct 23, 2020 · Ajenti 2. 31 ajenti. 31 - Remote Code Execution. The attack can be initiated remotely. Vulnerable Application This module has been tested with Ajenti 2. Ajenti 2. webapps exploit for Python platform This module exploits a command injection in Ajenti <= 2. The manipulation leads to privilege escalation. dashboard ajenti. 31 on Ubuntu 18.04. 31 - Remote Code Execution (Metasploit). 2. This is fixed in the version 2. 31 Setup sudo pip install ajenti-panel==2. ajenti-panel -v Now from an attacker’s machine, import the exploit into the Metasploit module of a machine. net>' # Metasploit module ], 'References' => [ ['EDB', '47497'] ], 'DisclosureDate' => '2019-10-14', By injecting a command into the username POST parameter to api/core/auth, a shell can be spawned. The vulnerable component is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet. Modified the JSON request username value to be `id` which allows for remote code execution. 04, fixed in 2. This vulnerability is cataloged as CVE-2019-25066. 32.