8 matches found

Tenable Nessus
added 2025/10/07 12:0 a.m., 2 views

CyberPanel < 2.3.8 RCE Direct Check (CVE-2024-51567)

The CyberPanel installed on the remote host is affected by a remote code execution vulnerability. upgrademysqlstatus in databases/views.py in CyberPanel aka Cyber Panel before 5b08cd6 allows remote attackers to bypass authentication and execute arbitrary commands via /dataBases/upgrademysqlstatus...

10 CVSS, 9.8 AI score, 0.86725 EPSS
Exploits 7, References 4
BDU FSTEC
added 2024/12/12 12:0 a.m., 6 views

The vulnerability of the upgrademysqlstatus() function in the CyberPanel web hosting control panel allows a hacker to escalate their privileges and execute arbitrary commands.

The vulnerability of the upgrademysqlstatus function in the CyberPanel web hosting control panel is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to elevate their privileges and execute arbitrary commands remotely...

10 CVSS, 8.4 AI score, 0.86725 EPSS
Exploits 7, References 7, Affected Software 1
Saint
added 2024/11/07 12:0 a.m., 276 views

CyberPanel upgrademysqlstatus authentication bypass and command injection

Added: 11/07/2024. Background: CyberPanel is a web hosting control panel. Problem: A pair of vulnerabilities in the upgrademysqlstatus web resource could allow a remote attacker to bypass authentication using a PUT request and execute arbitrary commands with a specially crafted statusfile parameter...

8.5 AI score
Exploits 0
Saint
added 2024/11/07 12:0 a.m., 101 views

CyberPanel upgrademysqlstatus authentication bypass and command injection

Added: 11/07/2024. Background: CyberPanel is a web hosting control panel. Problem: A pair of vulnerabilities in the upgrademysqlstatus web resource could allow a remote attacker to bypass authentication using a PUT request and execute arbitrary commands with a specially crafted statusfile parameter...

8.5 AI score
Exploits 0
Packet Storm
added 2024/11/07 12:0 a.m., 422 views

CyberPanel upgrademysqlstatus Arbitrary Command Execution

import httpx import sys def getCSRFtokenclient: resp = client.get"/" return resp.cookies'csrftoken' def pwnclient, CSRFtoken, cmd: headers = "X-CSRFToken": CSRFtoken, "Content-Type":"application/json", "Referer": strclient.baseurl payload = '"statusfile":"/dev/null; %s; ","csrftoken":"%s"' % cmd,...

10 CVSS, 7.1 AI score, 0.86725 EPSS
Exploits 7
CNNVD
added 2024/10/29 12:0 a.m., 2 views

CyberPanel Security Vulnerability

CyberPanel is a web hosting control panel with built-in DNS and email servers by Usman Nasir, an individual developer. CyberPanel has a security vulnerability that originates from upgrademysqlstatus in databases/views.py that allows remote attackers to bypass authentication and execute arbitrary...

10 CVSS, 9.7 AI score, 0.86725 EPSS
Exploits 7, References 7
CVE
added 2024/10/29 12:0 a.m., 242 views

CVE-2024-51567

CVE-2024-51567 = CyberPanel pre-auth remote code execution via the upgrademysqlstatus endpoint. Affected CyberPanel builds (through 2.3.6 and unpatched 2.3.7) allow attackers to bypass secMiddleware protecting POST requests and inject commands using shell metacharacters in the statusfile paramete...

10 CVSS, 8.4 AI score, 0.86725 EPSS
In wild, Exploits 7, References 8, Affected Software 1
Cvelist
added 2024/10/29 12:0 a.m., 45 views

CVE-2024-51567

upgrademysqlstatus in databases/views.py in CyberPanel aka Cyber Panel before 5b08cd6 allows remote attackers to bypass authentication and execute arbitrary commands via /dataBases/upgrademysqlstatus by bypassing secMiddleware which is only for a POST request and using shell metacharacters in the...

10 CVSS, 0.86725 EPSS
Exploits 7, References 7