Overview
- Description: getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or /ftp/getresetstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. Versions through 2.3.6 and (unpatched) 2.3.7 are affected.
- Source: cve@mitre.org
- NVD status: Awaiting Analysis
Risk scores
CVSS 3.1
- Type: Secondary
- Base score: 10
- Impact score: 6
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity: CRITICAL
Weaknesses
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-276
Social media
- Hype score: Not currently trending
Top 5 Trending CVEs: 1 - CVE-2024-35202 2 - CVE-2024-38821 3 - CVE-2024-51378 4 - CVE-2024-50550 5 - CVE-2024-9264 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield | 3 Nov 2024 | 125 Impressions, 1 Retweet, 1 Like, 0 Bookmarks, 0 Replies, 0 Quotes
Top 5 Trending CVEs: 1 - CVE-2024-45216 2 - CVE-2024-38821 3 - CVE-2023-23397 4 - CVE-2024-51378 5 - CVE-2024-46538 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield | 2 Nov 2024 | 88 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes
CVE-2024-51378 is getting exploited #inthewild. Find out more at https://t.co/9I24IDM7Wd CVE-2024-51567 is getting exploited #inthewild. Find out more at https://t.co/CHMCRKe7PP
@inthewildio | 1 Nov 2024 | 16 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes
🚨PoC for CVE-2024-51378; CyberPanel Command Injection Vulnerability https://t.co/N9YbK7yOjZ https://t.co/8DED6ZWO9X
@DarkWebInformer | 1 Nov 2024 | 3734 Impressions, 7 Retweets, 18 Likes, 6 Bookmarks, 0 Replies, 0 Quotes
CyberPanel: several critical zero-click unauthenticated root RCE URL: https://t.co/Uk76cNb5qv Classification: Critical, Solution: Temporary Fix, Exploit Maturity: High, CVSSv3.1: 10.0 CVEs: CVE-2024-51567, CVE-2024-51568, CVE-2024-51378 See also: - https://t.co/ewewfhR92l #cyberp
@CharyyevPerman | 31 Oct 2024 | 42 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes
PSAUX Ransomware exploits CyberPanel Vulnerabilities #PSAUXRansomware #CyberPanel #CVE-2024-51567 #CVE-2024-51568 #CVE-2024-51378 https://t.co/0c1xcVAZmm
@pravin_karthik | 30 Oct 2024 | 75 Impressions, 0 Retweets, 1 Like, 0 Bookmarks, 0 Replies, 0 Quotes
CVE-2024-51378 getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus... https://t.co/KIw8iUTTVe
@VulmonFeeds | 30 Oct 2024 | 7 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes
[CVE-2024-51378: CRITICAL] CyberPanel vulnerability allows remote attackers to bypass authentication & execute arbitrary commands, impacting versions up to 2.3.6 and 2.3.7. Ensure prompt updates for security.#cybersecurity,#vulnerability https://t.co/kKbfwuVHsk https://t.co/b
@CveFindCom | 29 Oct 2024 | 5 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes
CVE-2024-51378 getresetstatus in dns/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /ftp… https://t.co/1tqaXdIQ2O
@CVEnew | 29 Oct 2024 | 500 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes