CVE-2024-53376

HIGH

Cyberpanel < 2.3.8 - OS Command Injection

Title source: rule

Description

CyberPanel before 2.3.8 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the phpSelection field to the websites/submitWebsiteCreation URI.

Exploits (1)

nomisec WORKING POC 5 stars

by ThottySploity · poc

https://github.com/ThottySploity/CVE-2024-53376

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory] https://github.com/ThottySploity/CVE-2024-53376

[Product] https://github.com/ThottySploity/CVE-2024-53376/blob/aa306187323bd1127d56803cb34cac8820b61484/cyberpanel.py#L70

[Exploit, Third Party Advisory] https://thottysploity.github.io/posts/cve-2024-53376

Scores

CVSS v3 8.8

EPSS 0.9038

EPSS Percentile 99.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (1)

cyberpanel/cyberpanel < 2.3.8

Published Dec 16, 2024

Tracked Since Feb 18, 2026