19 matches found
CyberPanel < 2.3.8 RCE Direct Check (CVE-2024-51378)
The CyberPanel installed on the remote host is affected by a remote code execution vulnerability. getresetstatus in dns/views.py and ftp/views.py in CyberPanel aka Cyber Panel before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or...
CyberPanel < 2.3.8 Multiple RCEs
The CyberPanel installed on the remote host is prior to 2.3.8. It is, therefore, affected by the following vulnerabilities: - upgrademysqlstatus in databases/views.py in CyberPanel aka Cyber Panel before 5b08cd6 allows remote attackers to bypass authentication and execute arbitrary commands via...
CVE-2024-53376
CyberPanel before 2.3.8 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the phpSelection field to the websites/submitWebsiteCreation URI...
CVE-2019-13056
An issue was discovered in CyberPanel through 1.8.4. On the user edit page, an attacker can edit the administrator's e-mail and password because of the lack of CSRF protection...
CyberPanel 2.3.6 - Remote Code Execution (RCE)
Exploit Title: CyberPanel 2.3.6 - Remote Code Execution RCE Date: 10/29/2024 Exploit Author: Luka Petrovic refr4g Vendor Homepage: https://cyberpanel.net/ Software Link: https://github.com/usmannasir/cyberpanel Version: 2.3.5, 2.3.6, 2.3.7 before patch Tested on: Ubuntu 20.04, CyberPanel v2.3.5,...
CVE-2024-51378
getresetstatus in dns/views.py and ftp/views.py in CyberPanel aka Cyber Panel before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or /ftp/getresetstatus by bypassing secMiddleware which is only for a POST request and using shell...
The vulnerability of the CyberPanel web hosting control panel, related to the lack of measures to neutralize specific elements, allows a hacker to execute arbitrary commands.
The vulnerability of the CyberPanel web hosting control panel exists due to the lack of measures taken to neutralize certain elements. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute arbitrary commands using a specially created HTTP OPTIONS request...
CVE-2024-53376
CyberPanel before 2.3.8 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the phpSelection field to the websites/submitWebsiteCreation URI...
CVE-2024-53376
CyberPanel before 2.3.8 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the phpSelection field to the websites/submitWebsiteCreation URI...
CVE-2024-56112
CyberPanel aka Cyber Panel before f0cf648 allows XSS via token or username to plogical/phpmyadminsignin.php...
CVE-2024-56112
CyberPanel aka Cyber Panel before f0cf648 allows XSS via token or username to plogical/phpmyadminsignin.php...
CVE-2024-56112
CVE-2024-56112 affects CyberPanel (Cyber Panel) prior to version f0cf648. The issue enables cross-site scripting (XSS) via crafted inputs in the token or username to the plogical/phpmyadminsignin.php endpoint. CVSSv3.1 base score 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N); impact is limited to con...
Exploit for CVE-2024-53376
CVE-2024-53376 CyberPanel Authenticated OS Command Injection...
CVE-2024-54679
CyberPanel aka Cyber Panel before 6778ad1 does not require the FilemanagerAdmin capability for restartMySQL actions...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2024-51378 CyberPanel Incorrect Default Permissions Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber actor...
PT-2024-34711
Name of the Vulnerable Software and Affected Versions: CyberPanel versions prior to 2.3.5 Description: CyberPanel aka Cyber Panel is susceptible to a command injection issue. This allows for unauthenticated remote code execution through the /filemanager/upload endpoint via shell metacharacters. T...
PT-2024-7642 · Unknown · Cyberpanel
Name of the Vulnerable Software and Affected Versions: CyberPanel versions prior to 1c0c6cb CyberPanel versions through 2.3.6 CyberPanel version 2.3.7 Description: The issue is related to incorrect default permissions in CyberPanel, allowing remote attackers to bypass authentication and execute...
PT-2024-9377
Name of the Vulnerable Software and Affected Versions: CyberPanel versions through 2.3.6 and unpatched 2.3.7 Description: The issue is related to the upgrademysqlstatus function in CyberPanel, which has inadequate authentication procedures. This allows a remote attacker to bypass authentication a...
CyberPanel < 2.3.8 Remote Command Execution
CyberPanel versions prior to 2.3.8 are affected by a vulnerability allowing an unauthenticated attacker to execute commands on the remote machine via a specially forged request.