CVE-2024-44765

MEDIUM

MGT-COMMERCE GmbH CloudPanel <2.4.2 - Auth Bypass

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-44765. PoCs published by josephgodwinkimani.

AI-analyzed exploit summary This repository provides recovery instructions for systems compromised via CVE-2024-44765, an improper authorization vulnerability in CloudPanel 2.0.0 to 2.4.2. It includes steps for resetting passwords, removing unauthorized access, and updating to a patched version (2.5.0).

Description

An Improper Authorization (Access Control Misconfiguration) vulnerability in MGT-COMMERCE GmbH CloudPanel v2.0.0 to v2.4.2 allows low-privilege users to bypass access controls and gain unauthorized access to sensitive configuration files and administrative functionality.

Exploits (1)

nomisec WRITEUP 1 stars
by josephgodwinkimani · poc
https://github.com/josephgodwinkimani/cloudpanel-2.4.2-CVE-2024-44765-recovery

This repository provides recovery instructions for systems compromised via CVE-2024-44765, an improper authorization vulnerability in CloudPanel 2.0.0 to 2.4.2. It includes steps for resetting passwords, removing unauthorized access, and updating to a patched version (2.5.0).

Classification
Writeup 90%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: MGT-COMMERCE GmbH CloudPanel versions 2.0.0 to 2.4.2
No auth needed
Prerequisites: Access to the compromised system · Ability to run commands as root or sudo · New installation of CloudPanel v2.5.0 for recovery files
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 6.5
EPSS 0.0065
EPSS Percentile 46.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-863
Status published
Published Nov 08, 2024
Tracked Since Feb 18, 2026