CVE-2023-46157: 
CloudPanel vulnerability analysis and mitigation

File-Manager in MGT CloudPanel versions 2.0.0 through 2.3.2 contains a critical security vulnerability that allows users with the lowest privilege level to perform OS command injection. The vulnerability was discovered and disclosed in 2023, affecting the file management functionality of the application (NVD).

The vulnerability is classified as an OS Command Injection (CWE-78) with a CVSS v3.1 base score of 8.8 (HIGH). The attack vector involves manipulating file ownership and changing file permissions to 4755, which can lead to command execution. The vulnerability affects all versions of MGT CloudPanel from version 2.0.0 up to and including version 2.3.2 (NVD).

When successfully exploited, this vulnerability allows attackers with low-privilege access to execute arbitrary OS commands on the affected system, potentially leading to complete system compromise. The high CVSS score reflects the severe potential impact on system confidentiality, integrity, and availability (NVD).

The vulnerability was patched in version 2.3.3. Users are strongly advised to upgrade their MGT CloudPanel installations to a version newer than 2.3.2 to address this security issue (CloudPanel Changelog).

The vulnerability was reported by Muhammad Aizat from datack.my, highlighting the importance of security research in identifying critical vulnerabilities in web management panels (CloudPanel Changelog).