CVE-2024-51567
CRITICAL KEV RANSOMWARE NUCLEI
CyberPanel Multi CVE Pre-auth RCE
Title source: metasploit
Description
upgrademysqlstatus in databases/views.py in CyberPanel (aka Cyber Panel) before 5b08cd6 allows remote attackers to bypass authentication and execute arbitrary commands via /dataBases/upgrademysqlstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. Versions through 2.3.6 and (unpatched) 2.3.7 are affected.
Exploits (5)
nomisec
WORKING POC
1 stars
by thehash007 · remote
https://github.com/thehash007/CVE-2024-51567-RCE-EXPLOIT
Nuclei Templates (1)
CyberPanel v2.3.6 Pre-Auth Remote Code Execution
CRITICAL VERIFIED by DhiyaneshDK
Shodan:
html:"CyberPanel"
References (8)
Scores
CVSS v3
10.0
EPSS
0.9431
EPSS Percentile
99.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Details
CISA KEV
2024-11-07
VulnCheck KEV
2024-10-29
InTheWild.io
2024-10-29
ENISA EUVD
EUVD-2024-45733
Ransomware Use
Confirmed
CWE
CWE-306
Status
published
Products (1)
cyberpanel/cyberpanel
< 2.3.8
Published
Oct 29, 2024
KEV Added
Nov 07, 2024
Tracked Since
Feb 18, 2026