Lucene search
K

4 matches found

CVE
CVE
added 2024/12/16 12:0 a.m.87 views

CVE-2024-53376

CyberPanel prior to 2.3.8 is affected by an authenticated OS command injection in the websites/submitWebsiteCreation endpoint. The root cause is input handling of the phpSelection field allowing shell metacharacters to be executed by an authenticated user, enabling arbitrary command execution wit...

8.8CVSS7.7AI score0.10759EPSS
Exploits2References3Affected Software1
Metasploit
Metasploit
added 2024/12/05 6:56 p.m.514 views

CyberPanel Multi CVE Pre-auth RCE

This module exploits three separate unauthenticated Remote Code Execution vulnerabilities in CyberPanel: - CVE-2024-51567: Command injection vulnerability in the "upgrademysqlstatus" endpoint. - CVE-2024-51568: Command Injection via the "completePath" parameter in the "outputExecutioner" sink. -...

10CVSS8.3AI score0.94878EPSS
Exploits14
The Hacker News
The Hacker News
added 2024/12/05 5:9 a.m.20 views

CISA Warns of Active Exploitation of Flaws in Zyxel, ProjectSend, and CyberPanel

The U.S. Cybersecurity and Infrastructure Security Agency CISA added multiple security flaws affecting products from Zyxel, North Grid Proself, ProjectSend, and CyberPanel to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation in the wild. The list of...

10CVSS10AI score0.94878EPSS
Exploits11
Saint
Saint
added 2024/11/07 12:0 a.m.103 views

CyberPanel upgrademysqlstatus authentication bypass and command injection

Added: 11/07/2024 Background CyberPanel is a web hosting control panel. Problem A pair of vulnerabilities in the upgrademysqlstatus web resource could allow a remote attacker to bypass authentication using a PUT request and execute arbitrary commands with a specially crafted statusfile parameter...

8.5AI score
Exploits0
Rows per page
Query Builder