CVE-2024-51378 in CyberPanelinfo

Summary

by MITRE • 10/30/2024

getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or /ftp/getresetstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. Versions through 2.3.6 and (unpatched) 2.3.7 are affected.

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 11/07/2025

The vulnerability identified as CVE-2024-51378 represents a critical authentication bypass flaw in CyberPanel, a popular web hosting control panel solution. This vulnerability exists in the dns/views.py and ftp/views.py modules within the CyberPanel application, specifically affecting versions prior to commit 1c0c6cb. The flaw allows remote attackers to execute arbitrary commands by exploiting a weakness in the security middleware implementation. The vulnerability manifests through the /dns/getresetstatus and /ftp/getresetstatus endpoints, which are designed to handle status file operations but fail to properly validate input parameters.

The technical implementation of this vulnerability stems from insufficient input validation and improper security layer enforcement. The secMiddleware component, which is intended to protect these endpoints, only applies to POST requests, leaving GET requests vulnerable to exploitation. Attackers can leverage this by manipulating the statusfile property parameter to inject shell metacharacters, effectively bypassing authentication mechanisms. This type of vulnerability falls under CWE-20, known as Improper Input Validation, where the application fails to properly validate or sanitize user-supplied input before processing it. The exploitation technique demonstrates a classic command injection vulnerability, where attacker-controlled data is interpreted as shell commands.

The operational impact of this vulnerability is severe, as it provides attackers with arbitrary command execution capabilities on the affected system. This means that malicious actors can potentially gain full control over the hosting server, execute malicious code, access sensitive data, and compromise the entire hosting environment. The vulnerability was actively exploited in the wild during October 2024 by the PSAUX threat actor group, indicating that it was not merely a theoretical risk but a real-world threat that organizations needed to address immediately. The affected versions through 2.3.6 and the unpatched 2.3.7 demonstrate that this vulnerability had been present for some time, potentially allowing attackers to establish persistent backdoors and conduct extended reconnaissance activities.

Organizations running affected versions of CyberPanel should immediately apply the security patch referenced in commit 1c0c6cb to address this vulnerability. The mitigation strategy should include implementing proper input validation for all user-supplied parameters, ensuring that security middleware applies consistently across all HTTP methods, and conducting thorough security reviews of all endpoint implementations. Additionally, network segmentation and monitoring should be enhanced to detect potential exploitation attempts, as the vulnerability can be used to establish persistent access to affected systems. This vulnerability aligns with ATT&CK technique T1059.001, Command and Scripting Interpreter: PowerShell, and T1021.004, Remote Services: SSH, as it enables attackers to execute commands on the target system through legitimate administrative interfaces. The exploitation pattern suggests that attackers may attempt to use this vulnerability to establish footholds for further lateral movement within compromised networks, making immediate remediation essential for maintaining overall security posture.

Responsible

MITRE

Reservation

10/28/2024

Disclosure

10/30/2024

Moderation

accepted

CPE

ready

Exploit

Download

EPSS

0.94878

KEV

yes

Activities

very low

Sources

Might our Artificial Intelligence support you?

Check our Alexa App!