CVE-2023-35885

CRITICAL EXPLOITED IN THE WILD NUCLEI

CloudPanel 2 <2.3.1 - Auth Bypass

Title source: llm

Description

CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication.

Exploits (2)

nomisec WORKING POC 56 stars
by datackmy · remote
https://github.com/datackmy/FallingSkies-CVE-2023-35885
nomisec WORKING POC 4 stars
by Chocapikk · remote
https://github.com/Chocapikk/CVE-2023-35885

Nuclei Templates (1)

Cloudpanel 2 < 2.3.1 - Remote Code Execution
CRITICALVERIFIEDby DhiyaneshDk
Shodan: title:"Cloudpanel" || http.title:"cloudpanel" || http.favicon.hash:"151132309"
FOFA: icon_hash="151132309" || title="cloudpanel"

References (3)

Scores

CVSS v3 9.8
EPSS 0.9412
EPSS Percentile 99.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2024-02-14
InTheWild.io 2024-09-18
CWE
CWE-565
Status published
Products (1)
mgt-commerce/cloudpanel 2.0.0 - 2.3.1
Published Jun 20, 2023
Tracked Since Feb 18, 2026