aaPanel is a free and Open source Hosting Control Panel for RHEL and Debian based systems. It is the Internationalized version for the BAOTA panel(www.bt.cn), developed in China. It allows users to manage their web server through a web-based GUI (Graphical User Interface).
- Nginx or Apache
- Multiple PHP version 5.4 to 7.3
- DNS Managemennt
- Mail server
- Mysql, MariaDB or MongoDB
- Amazon S3 and Google Cloud Storage
A vulnerability with a CVE score of 8.8, titled CVE-2020-14950 was uncovered. It targets all aaPanel versions through version 6.6.6. This vulnerability allows for remote authenticated users to execute arbitrary commands via shell metacharacters in a modified
/system?action=ServiceAdmin request (start, stop, or restart) to the setting menu of the Software Store.
It is recommended that users upgrade to the latest version (currently 6.6.9) immediately.
For more information about the currently available web hosting control panels please refer to this article.