We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-51568



Assignermitre
Reserved2024-10-29
Published2024-10-29
Updated2024-10-30

Description

CyberPanel (aka Cyber Panel) before 2.3.5 allows Command Injection via completePath in the ProcessUtilities.outputExecutioner() sink. There is /filemanager/upload (aka File Manager upload) unauthenticated remote code execution via shell metacharacters.



CRITICAL: 10.0CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:C/UI:N

References

https://cwe.mitre.org/data/definitions/78.html

https://dreyand.rs/code/review/2024/10/27/what-are-my-options-cyberpanel-v236-pre-auth-rce

https://cyberpanel.net/KnowledgeBase/home/change-logs/

https://cyberpanel.net/blog/cyberpanel-v2-3-5

cve.org CVE-2024-51568

nvd.nist.gov CVE-2024-51568

Download JSON

Share this page
https://cve.threatint.com
Subscribe to our newsletter to learn more about our work.