module
Ajenti auth username Command Injection
| Disclosed |
|---|
| Oct 14, 2019 |
Disclosed
Oct 14, 2019
Description
This module exploits a command injection in Ajenti == 2.1.31.
By injecting a command into the username POST parameter to api/core/auth, a shell can be spawned.
By injecting a command into the username POST parameter to api/core/auth, a shell can be spawned.
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.