CVE-2021-47949

HIGH

CyberPanel 2.1 Authenticated Remote Code Execution via Symlink Attack

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-47949. PoCs published by numan türle.

AI-analyzed exploit summary: This exploit demonstrates an authenticated RCE vulnerability in CyberPanel <=2.1 by leveraging a symlink attack and command injection via the filemanager/controller endpoint. It also includes a reverse shell payload and token theft via MySQL queries.

Description

CyberPanel 2.1 contains a command execution vulnerability that allows authenticated attackers to read arbitrary files and execute remote code by exploiting symlink attacks through the filemanager controller endpoint. Attackers can manipulate the completeStartingPath parameter in POST requests to /filemanager/controller to create symbolic links, read sensitive files like database credentials, and execute arbitrary shell commands through the /websites/fetchFolderDetails endpoint.

Exploits (1)

exploitdb WORKING POC
by numan türle · python · webapps · multiple
https://www.exploit-db.com/exploits/50230

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: CyberPanel <=2.1
Auth required
Prerequisites: valid CyberPanel credentials · access to a domain hosted on the target
devstral-2 · analyzed May 10, 2026

References (4)

Core References
Exploit: ExploitDB-50230
https://www.exploit-db.com/exploits/50230
Product: Official Product Homepage
https://cyberpanel.net/
Product: Product Reference
https://github.com/usmannasir/cyberpanel
Third Party Advisory: VulnCheck Advisory: CyberPanel 2.1 Authenticated Remote Code Execution via Symlink Attack
https://www.vulncheck.com/advisories/cyberpanel-authenticated-remote-code-execution-via-symlink-attack

Scores

CVSS v3 8.8
EPSS 0.0053
EPSS Percentile 40.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE CWE-59
Status published
Products (1)
Cyberpanel/CyberPanel <= 2.1
Published May 10, 2026
Tracked Since May 10, 2026