CVE-2020-28657

In bPanel 2.0, the administrative ajax endpoints (aka ajax/aj_*.php) are accessible without authentication and allow SQL injections, which could lead to platform compromise. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt