Xiaopi Panel PHPstudy Linux version is suspected of having an RCE vulnerability

888u

Last updated: 2024-03-21, edited by 888u

According to reports from netizens, the Linux version of PHPstudy's Xiaopi Panel (currently the latest version, V1.11) has a serious remote code execution vulnerability. Judging from the screenshots uploaded online, the 0day has been circulating on the Internet for at least three months. Webmasters and companies are advised to take protective measures promptly.

Suspected PoC circulating online

Some netizens said that they have successfully reproduced the problem, which consists of an XSS in the login box and an RCE in the admin backend.

Put simply, the user name field of the login box has an XSS vulnerability. By implanting JS code there, a scheduled task can be added, which results in RCE.
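A defensive sketch of the two controls this chain bypasses, added here as an example and not taken from the panel's code: an allowlist check on submitted user names and HTML escaping when they are displayed. It assumes the submitted user name is later shown on an admin page; the record format, the allowlist rule and all function names are constructed for illustration.

```python
import html
import re

# Assumption: user names are restricted to this allowlist. The panel's real
# rule is not stated on the page.
USERNAME_OK = re.compile(r"[A-Za-z0-9_.@-]{1,64}")

# Constructed login-attempt records (not the panel's real log format).
SAMPLE_ATTEMPTS = [
    {"ts": "2024-03-20T10:01:02", "ip": "203.0.113.7", "user": "admin"},
    {"ts": "2024-03-20T10:01:09", "ip": "203.0.113.7",
     "user": "<script>alert(1)</script>"},
    {"ts": "2024-03-20T10:02:30", "ip": "198.51.100.4",
     "user": 'ops" onmouseover="x'},
    {"ts": "2024-03-20T10:03:00", "ip": "198.51.100.9",
     "user": "web.master@example.com"},
]


def is_valid_username(name):
    """Accept only strings that match the allowlist in full."""
    return isinstance(name, str) and USERNAME_OK.fullmatch(name) is not None


def flag_suspicious(attempts):
    """Return the attempts whose user name fails the allowlist."""
    return [a for a in attempts if not is_valid_username(a.get("user"))]


def render_row(attempt):
    """Build one table row for an admin view, escaping every field."""
    cells = (attempt["ts"], attempt["ip"], attempt["user"])
    tds = "".join(
        "<td>{}</td>".format(html.escape(str(c), quote=True)) for c in cells
    )
    return "<tr>" + tds + "</tr>"


if __name__ == "__main__":
    for a in flag_suspicious(SAMPLE_ATTEMPTS):
        print("suspicious user name from", a["ip"], repr(a["user"]))
    # The markup is shown as text instead of running in the admin's session.
    print(render_row(SAMPLE_ATTEMPTS[1]))
```

Rejecting the input at login time and escaping it at display time are independent layers; either one alone stops the markup from executing in the administrator's browser.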
