Remote Command Execution Vulnerability in CyberPanel
CVE-2024-53376

Currently unrated

Key Information:

Vendor: CyberPanel
Vendor: CVE Published:; 16 December 2024

Badges

📈 Score: 245👾 Exploit Exists🟡 Public PoC🟣 EPSS 80%

Summary

CVE-2024-53376 is a critical remote code execution vulnerability affecting CyberPanel versions before 2.3.8. This flaw allows authenticated users to execute arbitrary commands on the server by manipulating the phpSelection field in the websites/submitWebsiteCreation URI. The vulnerability arises from inadequate input validation, which enables attackers with valid credentials to leverage shell metacharacters to compromise the server. This poses an urgent threat, as it can lead to unauthorized access and control over the affected systems.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-53376
Created by ThottySploity

References

https://github.com/ThottySploity/CVE-2024-53376

https://thottysploity.github.io/posts/cve-2024-53376

https://github.com/ThottySploity/CVE-2024-53376/blob/aa30...

EPSS Score

80% chance of being exploited in the next 30 days.

Timeline

🟡
Public PoC available
Dec 16, 2024
👾
Exploit known to exist
Dec 16, 2024
Vulnerability published
Dec 16, 2024
Vulnerability Reserved
Nov 20, 2024