
122 matches found

Positive Technologies
added 2024/10/29 12:0 a.m., 3 views

PT-2024-34711

Name of the Vulnerable Software and Affected Versions: CyberPanel versions prior to 2.3.5 Description: CyberPanel aka Cyber Panel is susceptible to a command injection issue. This allows for unauthenticated remote code execution through the /filemanager/upload endpoint via shell metacharacters. T...

CVSS 10, AI score 9.6, EPSS 0.45682
Exploits 4, References 14
VulnCheck KEV
added 2024/10/29 12:0 a.m., 2 views

VulnCheck KEV: CVE-2024-51568

CyberPanel aka Cyber Panel before 2.3.5 allows Command Injection via completePath in the ProcessUtilities.outputExecutioner sink. There is /filemanager/upload aka File Manager upload unauthenticated remote code execution via shell metacharacters...

CVSS 10, AI score 7.9, EPSS 0.45682
Exploits 4, References 1
Vulnrichment
added 2024/10/29 12:0 a.m., 17 views

CVE-2024-51568

CyberPanel aka Cyber Panel before 2.3.5 allows Command Injection via completePath in the ProcessUtilities.outputExecutioner sink. There is /filemanager/upload aka File Manager upload unauthenticated remote code execution via shell metacharacters...

CVSS 10, AI score 8.4, EPSS 0.45682
Exploits 4, References 4
Cvelist
added 2024/10/29 12:0 a.m., 43 views

CVE-2024-51567

upgrademysqlstatus in databases/views.py in CyberPanel aka Cyber Panel before 5b08cd6 allows remote attackers to bypass authentication and execute arbitrary commands via /dataBases/upgrademysqlstatus by bypassing secMiddleware which is only for a POST request and using shell metacharacters in the...

CVSS 10, EPSS 0.86725
Exploits 7, References 7
CVE
added 2024/10/29 12:0 a.m., 121 views

CVE-2024-51568

CyberPanel pre-2.3.5 is affected by a critical, unauthenticated pre-auth RCE via command injection in the file upload path. Specifically, CVE-2024-51568 exploits the completePath parameter in the ProcessUtilities.outputExecutioner() sink, enabling remote code execution through /filemanager/upload...

CVSS 10, AI score 8.7, EPSS 0.45682
Exploits 4, References 4, Affected Software 1
CVE
added 2024/10/29 12:0 a.m., 238 views

CVE-2024-51567

CVE-2024-51567 = CyberPanel pre-auth remote code execution via the upgrademysqlstatus endpoint. Affected CyberPanel builds (through 2.3.6 and unpatched 2.3.7) allow attackers to bypass secMiddleware protecting POST requests and inject commands using shell metacharacters in the statusfile paramete...

CVSS 10, AI score 8.4, EPSS 0.86725
In wild, Exploits 7, References 8, Affected Software 1
VulnCheck KEV
added 2024/10/26 12:0 a.m., 1 views

VulnCheck KEV: CVE-2024-51378

CyberPanel contains an incorrect default permissions vulnerability that allows for authentication bypass and the execution of arbitrary commands using shell metacharacters in the statusfile property...

CVSS 10, AI score 7.6, EPSS 0.94878
Exploits 7, References 1
Positive Technologies
added 2024/10/23 12:0 a.m., 4 views

PT-2024-9377

Name of the Vulnerable Software and Affected Versions: CyberPanel versions through 2.3.6 and unpatched 2.3.7 Description: The issue is related to the upgrademysqlstatus function in CyberPanel, which has inadequate authentication procedures. This allows a remote attacker to bypass authentication a...

CVSS 10, AI score 7.7, EPSS 0.86725
Exploits 7, References 40
Tenable Nessus
added 2024/01/04 12:0 a.m., 7 views

CyberPanel < 2.3.8 Remote Command Execution

CyberPanel versions prior to 2.3.8 are affected by a vulnerability allowing an unauthenticated attacker to execute commands on the remote machine via a specially forged request. No source data...

CVSS 10, AI score 7.8, EPSS 0.94878
Exploits 14, References 4
0day.today
added 2021/08/27 12:0 a.m., 142 views

CyberPanel 2.1 - Remote Code Execution (Authenticated) Exploit

Title: CyberPanel 2.1 - Remote Code Execution RCE Authenticated Author: Numan Türle Vendor Homepage: https://cyberpanel.net/ Software Link: https://github.com/usmannasir/cyberpanel Version: =2.1 https://www.youtube.com/watch?v=J8iLELVgkE !/usr/bin/python3 -- coding: utf-8 -- CyberPanel - Remote...

AI score 0.2
Exploits 0
Packet Storm
added 2021/08/27 12:0 a.m., 321 views

CyberPanel 2.1 Remote Code Execution

Title: CyberPanel 2.1 - Remote Code Execution RCE Authenticated Date: 27.08.2021 Author: Numan Türle Vendor Homepage: https://cyberpanel.net/ Software Link: https://github.com/usmannasir/cyberpanel Version: =2.1 https://www.youtube.com/watch?v=J8iLELVgkE !/usr/bin/python3 -- coding: utf-8 --...

Exploits 0
Exploit DB
added 2021/08/27 12:0 a.m., 706 views

CyberPanel 2.1 - Remote Code Execution (RCE) (Authenticated)

Title: CyberPanel 2.1 - Remote Code Execution RCE Authenticated Date: 27.08.2021 Author: Numan Türle Vendor Homepage: https://cyberpanel.net/ Software Link: https://github.com/usmannasir/cyberpanel Version: =2.1 https://www.youtube.com/watch?v=J8iLELVgkE !/usr/bin/python3 -- coding: utf-8 --...

AI score 7.4
Exploits 0
NVD
added 2019/07/02 4:15 p.m., 16 views

CVE-2019-13056

An issue was discovered in CyberPanel through 1.8.4. On the user edit page, an attacker can edit the administrator's e-mail and password because of the lack of CSRF protection...

CVSS 8.8, AI score 8.8, EPSS 0.00838
Exploits 5, References 2
OSV
added 2019/07/02 4:15 p.m., 2 views

CVE-2019-13056

An issue was discovered in CyberPanel through 1.8.4. On the user edit page, an attacker can edit the administrator's e-mail and password because of the lack of CSRF protection...

CVSS 8.8, AI score 5.8, EPSS 0.00838
Exploits 5, References 2
Prion
added 2019/07/02 4:15 p.m., 20 views

Cross site request forgery (csrf)

An issue was discovered in CyberPanel through 1.8.4. On the user edit page, an attacker can edit the administrator's e-mail and password because of the lack of CSRF protection...

CVSS 6.8, AI score 8.8, EPSS 0.00838
Exploits 5, References 2, Affected Software 1
CVE
added 2019/07/02 3:18 p.m., 123 views

CVE-2019-13056

CVE-2019-13056 affects CyberPanel up to version 1.8.4, where the user edit page is vulnerable to CSRF. The root cause is a lack of CSRF protection, enabling an attacker to change the administrator’s email and password by sending a forged request to the target server. Practical impact is administr...

CVSS 8.8, AI score 8.8, EPSS 0.00838
Exploits 5, References 2, Affected Software 1
Cvelist
added 2019/07/02 3:18 p.m., 26 views

CVE-2019-13056

An issue was discovered in CyberPanel through 1.8.4. On the user edit page, an attacker can edit the administrator's e-mail and password because of the lack of CSRF protection...

AI score 8.9, EPSS 0.00838
Exploits 5, References 2
0day.today
added 2019/07/02 12:0 a.m., 125 views

CyberPanel 1.8.4 - Cross-Site Request Forgery Vulnerability

Exploit for multiple platform in category web applications Title: CyberPanel Administrator Account Takeover fetch'https://SERVERIP:8090/users/saveModifications', method: 'POST', credentials: 'include', headers: 'Content-Type': 'text/plain', body:...

AI score 0.1, EPSS 0.00838
Exploits 5
CNVD
added 2019/07/02 12:0 a.m., 2 views

CyberPanel Cross-Site Request Forgery Vulnerability

CyberPanel is a web hosting control panel with built-in DNS and email servers. A cross-site request forgery vulnerability exists in CyberPanel 1.8.4 and earlier versions. The vulnerability stems from a WEB application that does not adequately validate that a request is coming from a trusted user...

CVSS 8.8, AI score 6.8, EPSS 0.00838
Exploits 5, References 1
Packet Storm
added 2019/07/01 12:0 a.m., 91 views

CyberPanel 1.8.4 Cross Site Request Forgery

Title: CyberPanel Administrator Account Takeover fetch'https://SERVERIP:8090/users/saveModifications', method: 'POST', credentials: 'include', headers: 'Content-Type': 'text/plain', body:...

AI score 0.9, EPSS 0.00838
Exploits 5