Luka Petrovic (refr4g) - Security Researcher - Exploit Intelligence Platform

CVE-2024-51378 NOMISEC CRITICAL WORKING POC

CyberPanel < 2.3.8 - Unauthenticated OS Command Injection via DNS/FTP getresetstatus Endpoint

getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or /ftp/getresetstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. Versions through 2.3.6 and (unpatched) 2.3.7 are affected.

22 stars

CVSS 10.0

View Code

CVE-2024-51568 METASPLOIT CRITICAL ruby WORKING POC

CyberPanel <2.3.5 - Command Injection

CyberPanel (aka Cyber Panel) before 2.3.5 allows Command Injection via completePath in the ProcessUtilities.outputExecutioner() sink. There is /filemanager/upload (aka File Manager upload) unauthenticated remote code execution via shell metacharacters.

CVSS 10.0

View Code

CVE-2024-51567 METASPLOIT CRITICAL ruby WORKING POC

CyberPanel Multi CVE Pre-auth RCE

upgrademysqlstatus in databases/views.py in CyberPanel (aka Cyber Panel) before 5b08cd6 allows remote attackers to bypass authentication and execute arbitrary commands via /dataBases/upgrademysqlstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. Versions through 2.3.6 and (unpatched) 2.3.7 are affected.

CVSS 10.0

View Code

CVE-2024-51378 METASPLOIT CRITICAL ruby WORKING POC

CyberPanel < 2.3.8 - Unauthenticated OS Command Injection via DNS/FTP getresetstatus Endpoint

getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or /ftp/getresetstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. Versions through 2.3.6 and (unpatched) 2.3.7 are affected.

CVSS 10.0

View Code

CVE-2024-51378 EXPLOITDB CRITICAL python WORKING POC

CyberPanel < 2.3.8 - Unauthenticated OS Command Injection via DNS/FTP getresetstatus Endpoint

getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or /ftp/getresetstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. Versions through 2.3.6 and (unpatched) 2.3.7 are affected.

CVSS 10.0

View Code