Unauthorized Remote Code Execution via Shell Metacharacters in File Manager Upload
CVE-2024-51568

9.8CRITICAL

Key Information:

Vendor: CyberPanel
Status: Cyberpanel
Vendor: CVE Published:; 29 October 2024

Badges

🟣 EPSS 87%📰 News Worthy

What is CVE-2024-51568?

A vulnerability in CyberPanel prior to version 2.3.5 allows attackers to execute commands on the server through the ProcessUtilities.outputExecutioner() function. This command injection can be exploited via the file manager upload feature, where unauthenticated users may leverage shell metacharacters to execute arbitrary code. The lack of proper validation makes this a serious threat to the security of systems utilizing CyberPanel, enabling potential unauthorized access and control.

News Articles

TheCyberThrone

CVE-2024-51567 CVE-2024-51568

PSAUX Ransomware exploits CyberPanel Vulnerabilities

The PSAUX ransomware has seen exploiting CyberPanel vulnerabilities affects versions 2.3.6 and 2.3.7 and permits unauthenticated attackers to gain root access, enabling complete control over affected systems. The vulnerabilities are tracked as CVE-2024-51567, CVE-2024-51568, and CVE-2024-51378, each...

References

https://cwe.mitre.org/data/definitions/78.html

https://dreyand.rs/code/review/2024/10/27/what-are-my-opt...

https://cyberpanel.net/KnowledgeBase/home/change-logs/

EPSS Score

87% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

📰
First article discovered by TheCyberThrone
Oct 30, 2024
Vulnerability published
Oct 29, 2024