Airleader: >> Master Ii+ Security Vulnerabilities
The Panel Designer dashboard in Airleader Master and Easy before 6.36 allows remote attackers to execute arbitrary commands via a wizard/workspace.jsp unrestricted file upload. To exploit this, the attacker must login to the administrator console (default credentials are weak and easily guessable) and upload a JSP file via the Panel Designer dashboard.
CVSS Score
7.2
EPSS Score
0.004
Published
2025-06-10