4 matches found
CVE-2024-53376
CyberPanel prior to 2.3.8 is affected by an authenticated OS command injection in the websites/submitWebsiteCreation endpoint. The root cause is input handling of the phpSelection field allowing shell metacharacters to be executed by an authenticated user, enabling arbitrary command execution wit...
CyberPanel Multi CVE Pre-auth RCE
This module exploits three separate unauthenticated Remote Code Execution vulnerabilities in CyberPanel: - CVE-2024-51567: Command injection vulnerability in the "upgrademysqlstatus" endpoint. - CVE-2024-51568: Command Injection via the "completePath" parameter in the "outputExecutioner" sink. -...
CISA Warns of Active Exploitation of Flaws in Zyxel, ProjectSend, and CyberPanel
The U.S. Cybersecurity and Infrastructure Security Agency CISA added multiple security flaws affecting products from Zyxel, North Grid Proself, ProjectSend, and CyberPanel to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation in the wild. The list of...
CyberPanel upgrademysqlstatus authentication bypass and command injection
Added: 11/07/2024 Background CyberPanel is a web hosting control panel. Problem A pair of vulnerabilities in the upgrademysqlstatus web resource could allow a remote attacker to bypass authentication using a PUT request and execute arbitrary commands with a specially crafted statusfile parameter...