
19 matches found

Tenable Nessus
added 2025/07/29 12:00 a.m. · 3 views

CyberPanel < 2.3.8 RCE Direct Check (CVE-2024-51378)

The CyberPanel installed on the remote host is affected by a remote code execution vulnerability. getresetstatus in dns/views.py and ftp/views.py in CyberPanel aka Cyber Panel before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or...

CVSS: 10 | AI score: 9.8 | EPSS: 0.94878
Exploits: 7 | References: 4

Tenable Nessus
added 2025/07/17 12:00 a.m. · 10 views

CyberPanel < 2.3.8 Multiple RCEs

The CyberPanel installed on the remote host is prior to 2.3.8. It is, therefore, affected by the following vulnerabilities: - upgrademysqlstatus in databases/views.py in CyberPanel aka Cyber Panel before 5b08cd6 allows remote attackers to bypass authentication and execute arbitrary commands via...

CVSS: 10 | AI score: 9 | EPSS: 0.94878
Exploits: 12 | References: 6

RedhatCVE
added 2025/05/23 6:22 a.m. · 8 views

CVE-2024-53376

CyberPanel before 2.3.8 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the phpSelection field to the websites/submitWebsiteCreation URI...

CVSS: 8.8 | AI score: 8.8 | EPSS: 0.10759
Exploits: 2 | References: 1

RedhatCVE
added 2025/05/22 8:09 a.m. · 4 views

CVE-2019-13056

An issue was discovered in CyberPanel through 1.8.4. On the user edit page, an attacker can edit the administrator's e-mail and password because of the lack of CSRF protection...

CVSS: 8.8 | AI score: 7.1 | EPSS: 0.00838
Exploits: 5 | References: 1

Exploit DB
added 2025/04/11 12:00 a.m. · 224 views

CyberPanel 2.3.6 - Remote Code Execution (RCE)

Exploit Title: CyberPanel 2.3.6 - Remote Code Execution RCE; Date: 10/29/2024; Exploit Author: Luka Petrovic refr4g; Vendor Homepage: https://cyberpanel.net/; Software Link: https://github.com/usmannasir/cyberpanel; Version: 2.3.5, 2.3.6, 2.3.7 before patch; Tested on: Ubuntu 20.04, CyberPanel v2.3.5,...

CVSS: 10 | AI score: 9.8 | EPSS: 0.94878
Exploits: 7

RedhatCVE
added 2025/02/05 3:13 a.m. · 7 views

CVE-2024-51378

getresetstatus in dns/views.py and ftp/views.py in CyberPanel aka Cyber Panel before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or /ftp/getresetstatus by bypassing secMiddleware which is only for a POST request and using shell...

CVSS: 10 | AI score: 10 | EPSS: 0.94878
Exploits: 7 | References: 1

BDU FSTEC
added 2024/12/23 12:00 a.m. · 14 views

The vulnerability of the CyberPanel web hosting control panel, related to the lack of measures to neutralize specific elements, allows a hacker to execute arbitrary commands.

The vulnerability of the CyberPanel web hosting control panel exists due to the lack of measures taken to neutralize certain elements. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute arbitrary commands using a specially created HTTP OPTIONS request...

CVSS: 9 | AI score: 5.9 | EPSS: 0.10759
Exploits: 2 | References: 6 | Affected Software: 1

NVD
added 2024/12/16 4:15 a.m. · 10 views

CVE-2024-53376

CyberPanel before 2.3.8 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the phpSelection field to the websites/submitWebsiteCreation URI...

CVSS: 8.8 | EPSS: 0.10759
Exploits: 2 | References: 3

Cvelist
added 2024/12/16 12:00 a.m. · 19 views

CVE-2024-53376

CyberPanel before 2.3.8 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the phpSelection field to the websites/submitWebsiteCreation URI...

EPSS: 0.10759
Exploits: 2 | References: 3

Cvelist
added 2024/12/16 12:00 a.m. · 14 views

CVE-2024-56112

CyberPanel aka Cyber Panel before f0cf648 allows XSS via token or username to plogical/phpmyadminsignin.php...

EPSS: 0.00242
Exploits: 0 | References: 2

Vulnrichment
added 2024/12/16 12:00 a.m. · 8 views

CVE-2024-56112

CyberPanel aka Cyber Panel before f0cf648 allows XSS via token or username to plogical/phpmyadminsignin.php...

AI score: 5.9 | EPSS: 0.00242
Exploits: 0 | References: 2

CVE
added 2024/12/16 12:00 a.m. · 51 views

CVE-2024-56112

CVE-2024-56112 affects CyberPanel (Cyber Panel) prior to version f0cf648. The issue enables cross-site scripting (XSS) via crafted inputs in the token or username to the plogical/phpmyadminsignin.php endpoint. CVSSv3.1 base score 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N); impact is limited to con...

CVSS: 6.1 | AI score: 5.7 | EPSS: 0.00242
Exploits: 0 | References: 2 | Affected Software: 1

GithubExploit
added 2024/12/15 10:40 p.m. · 756 views

Exploit for CVE-2024-53376

CVE-2024-53376 CyberPanel Authenticated OS Command Injection...

CVSS: 8.8 | AI score: 6.7 | EPSS: 0.10759
Exploits: 2

Vulnrichment
added 2024/12/05 12:00 a.m. · 14 views

CVE-2024-54679

CyberPanel aka Cyber Panel before 6778ad1 does not require the FilemanagerAdmin capability for restartMySQL actions...

CVSS: 4.3 | AI score: 7 | EPSS: 0.00924
Exploits: 2 | References: 3

CISA
added 2024/12/04 12:00 p.m. · 23 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-51378: CyberPanel Incorrect Default Permissions Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber actor...

CVSS: 10 | AI score: 7.2 | EPSS: 0.94878
In wild | Exploits: 7 | References: 6

Positive Technologies
added 2024/10/29 12:00 a.m. · 5 views

PT-2024-34711

Name of the Vulnerable Software and Affected Versions: CyberPanel versions prior to 2.3.5. Description: CyberPanel aka Cyber Panel is susceptible to a command injection issue. This allows for unauthenticated remote code execution through the /filemanager/upload endpoint via shell metacharacters. T...

CVSS: 10 | AI score: 9.6 | EPSS: 0.45682
Exploits: 4 | References: 14

Positive Technologies
added 2024/10/29 12:00 a.m. · 4 views

PT-2024-7642 · Unknown · Cyberpanel

Name of the Vulnerable Software and Affected Versions: CyberPanel versions prior to 1c0c6cb; CyberPanel versions through 2.3.6; CyberPanel version 2.3.7. Description: The issue is related to incorrect default permissions in CyberPanel, allowing remote attackers to bypass authentication and execute...

CVSS: 10 | AI score: 10 | EPSS: 0.94878
Exploits: 7 | References: 59

Positive Technologies
added 2024/10/23 12:00 a.m. · 5 views

PT-2024-9377

Name of the Vulnerable Software and Affected Versions: CyberPanel versions through 2.3.6 and unpatched 2.3.7. Description: The issue is related to the upgrademysqlstatus function in CyberPanel, which has inadequate authentication procedures. This allows a remote attacker to bypass authentication a...

CVSS: 10 | AI score: 7.7 | EPSS: 0.86725
Exploits: 7 | References: 40

Tenable Nessus
added 2024/01/04 12:00 a.m. · 8 views

CyberPanel < 2.3.8 Remote Command Execution

CyberPanel versions prior to 2.3.8 are affected by a vulnerability allowing an unauthenticated attacker to execute commands on the remote machine via a specially forged request. No source data...

CVSS: 10 | AI score: 7.8 | EPSS: 0.94878
Exploits: 14 | References: 4