Overview
- Description
- CyberPanel (aka Cyber Panel) before 2.3.5 allows Command Injection via completePath in the ProcessUtilities.outputExecutioner() sink. There is /filemanager/upload (aka File Manager upload) unauthenticated remote code execution via shell metacharacters.
- Source
- cve@mitre.org
- NVD status
- Awaiting Analysis
Risk scores
CVSS 3.1
- Type
- Secondary
- Base score
- 10
- Impact score
- 6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
Weaknesses
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-78
Social media
- Hype score
- Not currently trending
A serious vulnerability, designated CVE-2024-51568, has been identified in @CyberPanel versions prior to 2.3.5. This command injection vulnerability enables unauthenticated remote code execution via the /filemanager/upload endpoint,posing a critical risk with a CVSS score of 10.0
@CRAC_Learning
5 Nov 2024
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#DOYOUKNOWCVE PSAUX ransomware is targeting two critical vulnerabilities in CyberPanel—CVE-2024-51567 & CVE-2024-51568. CVE-2024-51567: Allows attackers to bypass authentication via the upgrademysqlstatus function. For more information: https://t.co/JC47FB76qm CVE-2024-51
@Loginsoft_Inc
1 Nov 2024
87 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CyberPanel: several critical zero-click unauthenticated root RCE URL: https://t.co/Uk76cNb5qv Classification: Critical, Solution: Temporary Fix, Exploit Maturity: High, CVSSv3.1: 10.0 CVEs: CVE-2024-51567, CVE-2024-51568, CVE-2024-51378 See also: - https://t.co/ewewfhR92l #cyberp
@CharyyevPerman
31 Oct 2024
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
PSAUX Ransomware exploits CyberPanel Vulnerabilities #PSAUXRansomware #CyberPanel #CVE-2024-51567 #CVE-2024-51568 #CVE-2024-51378 https://t.co/0c1xcVAZmm
@pravin_karthik
30 Oct 2024
75 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-51568 CyberPanel (aka Cyber Panel) before 2.3.5 allows Command Injection via completePath in the ProcessUtilities.outputExecutioner() sink. There is /filemanager/upload (aka File Manager upload) unauthent... https://t.co/IMAbZ4Uyjm
@VulmonFeeds
30 Oct 2024
54 Impressions
1 Retweet
1 Like
1 Bookmark
0 Replies
0 Quotes
PSAUX Ransomware is Exploiting Two Max Severity Flaws (CVE-2024-51567, CVE-2024-51568) in CyberPanel https://t.co/tuLmiS0Apl
@Dinosn
30 Oct 2024
2161 Impressions
3 Retweets
12 Likes
3 Bookmarks
0 Replies
0 Quotes
PSAUX Ransomware is Exploiting Two Max Severity Flaws (CVE-2024-51567, CVE-2024-51568) in CyberPanel https://t.co/LxqvoGcI4f Three critical remote code execution (RCE) vulnerabilities impacting CyberPanel, a widely used web hosting control panel, are under active exploitation.…
@f1tym1
30 Oct 2024
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2024-51568: CRITICAL] CyberPanel (Cyber Panel) before 2.3.5 is vulnerable to Command Injection and unauthenticated remote code execution via shell metacharacters in /filemanager/upload. #cybersecurity#cybersecurity,#vulnerability https://t.co/YsdkkmU5OD https://t.co/addagLCN
@CveFindCom
29 Oct 2024
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-51568 CyberPanel (aka Cyber Panel) before 2.3.5 allows Command Injection via completePath in the ProcessUtilities.outputExecutioner() sink. There is /filemanager/upload (ak… https://t.co/vvFRLu3qPM
@CVEnew
29 Oct 2024
590 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes