Vulnerability analysis experts report the discovery of several security vulnerabilities in CentOS, a free hosting management panel designed to simplify the administration of dedicated servers and VPS. According to the report, successful exploitation of these vulnerabilities could allow SQL injection or directory traversal, which can become a serious problem.

Some of the vulnerabilities in CentOS

Insufficient sanitization of user input in the “user” parameter of “ajax_mail_autoreply.php” allows remote attackers to execute arbitrary SQL queries on the target database.

Insufficient sanitization of user input in the “package” parameter of “ajax_list_accounts.php” allows remote attackers to run arbitrary SQL queries on the target database.

This flaw exists because user-supplied data is inadequately sanitized, the vulnerability analysis experts note. It could allow an attacker to obtain confidential information by executing arbitrary SQL queries.

Another flaw exists due to insufficient sanitization of user-supplied data in the “search” parameter of “ajax_mail_autoreply.php”. A remote attacker could send a specially crafted request to run arbitrary SQL queries.

An input validation error when processing traversal sequences in the “file” parameter of “ajax_mod_security.php” would allow attackers to carry out directory traversal attacks; this is a serious vulnerability.
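As an added example (not code from the report or from the panel itself), the two defensive patterns that close the classes of flaw listed above: a bound SQL parameter for values such as “user”, “package” and “search”, shown next to the concatenation pattern that causes injection, and a containment check for a “file” parameter that rejects traversal sequences. The in-memory table, the directory /srv/panel/modsec and the function names are assumptions.

```python
import os
import sqlite3


def build_db():
    # Constructed stand-in for the panel's account table (hypothetical schema).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (user TEXT, package TEXT)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?)",
                     [("alice", "basic"), ("bob", "pro"), ("admin", "pro")])
    return conn


def list_accounts_unsafe(conn, package):
    # The pattern the report describes: the request parameter is spliced into
    # the query text, so quotes in it change the query's meaning.
    query = "SELECT user FROM accounts WHERE package = '" + package + "'"
    return [row[0] for row in conn.execute(query)]


def list_accounts_safe(conn, package):
    # Hardened form: the value is bound as a parameter and is only ever data;
    # no content of `package` can alter the query's structure.
    query = "SELECT user FROM accounts WHERE package = ?"
    return [row[0] for row in conn.execute(query, (package,))]


def is_contained(base_dir, file_param):
    # Canonicalise both paths and require the target to sit inside base_dir.
    # realpath collapses "..", and commonpath compares whole components, so
    # "../modsec2/x" is rejected even though it shares a string prefix.
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, file_param))
    return os.path.commonpath([base, target]) == base


def resolve_config_path(base_dir, file_param):
    # Use this instead of trusting a "file" parameter directly: absolute
    # paths and traversal sequences raise rather than escaping base_dir.
    if not is_contained(base_dir, file_param):
        raise ValueError("path escapes %s: %r" % (base_dir, file_param))
    return os.path.realpath(os.path.join(os.path.realpath(base_dir), file_param))
```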

These vulnerabilities are dangerous and, for now, the only thing we can do is wait for them to be corrected; on the positive side, few abuses of these vulnerabilities have been reported so far. The risk can be managed, and the best thing you can do if you run CentOS is to watch for updates and be cautious in the meantime.
