(0Day) CentOS Web Panel ajax_dashboard service_start Command Injection

Hi

I'm looking for information on if this has been fixed?
   
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel. Authentication is not required to exploit this vulnerability.

The specific flaw exists within ajax_dashboard.php. When parsing the service_start parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root.

https://www.zerodayinitiative.com/advisories/ZDI-20-752/

Let's assume it hasn't been. 
They're not exactly renowned for responding to security researchers nor providing details of software updates.
It's a shame that the public notification doesn't supply a specific solution, such as "add the following mod_sec rule..".

please use the search option in the forum before posting so others don't need to do a search for you!
http://forum.centos-webpanel.com/index.php?topic=9244.msg32372#msg32372

01/23/20 – ZDI reported the vulnerabilities to the vendor
04/30/20 – ZDI requested a status update
05/20/20 – ZDI requested a status update
05/28/20 – ZDI requested a status update
06/12/20 - ZDI notified the vendor of the intention to publish these reports as 0-day advisories on 06/25/2020

Cool, do you have an information about the fix?

As mentioned before, here and elsewhere - communication is everything, especially where security is concerned.