CVE-2024-51378

This exploit leverages a command injection vulnerability in CyberPanel versions 2.3.5 to 2.3.7 (pre-patch) via the '/ftp/getresetstatus' or '/dns/getresetstatus' endpoints. It bypasses CSRF protection and injects commands into the 'statusfile' parameter.

This is a functional exploit for CVE-2024-51378, a command injection vulnerability in CyberPanel. It leverages crafted OPTIONS requests to vulnerable endpoints to achieve unauthenticated remote code execution.

This repository contains a functional exploit for CVE-2024-51378, targeting CyberPanel versions up to 2.3.7. The exploit leverages a Remote Code Execution (RCE) vulnerability via CSRF token manipulation and endpoint injection, allowing arbitrary command execution or SSH key deployment.

The repository contains a working PoC for CVE-2024-51378, demonstrating command injection via OPTIONS requests to specific endpoints in CyberPanel. It includes scripts for exploitation and scanning vulnerable hosts.

This Metasploit module exploits three separate unauthenticated Remote Code Execution vulnerabilities in CyberPanel (CVE-2024-51567, CVE-2024-51568, CVE-2024-51378) via command injection in different endpoints. It includes detection, vulnerability testing, and payload execution capabilities.