CVE-2024-51567 in CyberPanelinfo

Summary

by MITRE • 10/30/2024

upgrademysqlstatus in databases/views.py in CyberPanel (aka Cyber Panel) before 5b08cd6 allows remote attackers to bypass authentication and execute arbitrary commands via /dataBases/upgrademysqlstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. Versions through 2.3.6 and (unpatched) 2.3.7 are affected.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 01/29/2026

The vulnerability CVE-2024-51567 represents a critical authentication bypass flaw in CyberPanel, a popular web hosting control panel solution. This issue affects versions prior to commit 5b08cd6 and specifically targets the database management functionality within the application. The vulnerability exists in the databases/views.py file where the upgrademysqlstatus endpoint fails to properly validate input parameters, creating a pathway for remote attackers to execute arbitrary commands on the affected system. The flaw is particularly dangerous because it allows attackers to bypass the security middleware that should normally protect against unauthorized access, making it a significant concern for system administrators managing web hosting environments.

The technical implementation of this vulnerability stems from improper input validation within the statusfile property handling. When the upgrademysqlstatus endpoint processes requests, it fails to adequately sanitize user-supplied input before using it in shell commands. This creates a classic command injection vulnerability where attackers can manipulate the statusfile parameter to include shell metacharacters such as semicolons, pipes, or backticks. The security middleware that should normally protect this endpoint only applies to POST requests, leaving GET requests and other methods vulnerable to exploitation. This design flaw allows attackers to bypass authentication mechanisms entirely and gain direct system access through the database management interface.

The operational impact of this vulnerability is severe and far-reaching for organizations using affected versions of CyberPanel. Remote attackers can execute arbitrary commands with the privileges of the web application user, potentially leading to full system compromise, data exfiltration, or service disruption. The vulnerability has been actively exploited in the wild since October 2024 by threat actors using the PSAUX malware, indicating that it represents a real and present danger to the hosting industry. Organizations running affected versions are particularly at risk as this vulnerability allows attackers to escalate privileges and gain persistent access to their hosting infrastructure. The exploitation process is relatively straightforward, requiring only knowledge of the vulnerable endpoint and basic understanding of shell command injection techniques.

This vulnerability maps directly to CWE-78, which describes improper neutralization of special elements used in OS commands, and aligns with ATT&CK technique T1059.004 for command and scripting interpreter. The flaw demonstrates poor input validation practices and inadequate security controls that should be implemented at multiple layers of the application architecture. Organizations should immediately implement mitigations including patching to the latest version of CyberPanel, implementing network-based restrictions to limit access to the vulnerable endpoint, and monitoring for suspicious activity related to database management functions. Additional defensive measures should include input sanitization at the application level, implementing proper authentication controls for all endpoints, and conducting regular security assessments of web applications to identify similar vulnerabilities in the codebase. The exploitation of this vulnerability in the wild underscores the importance of maintaining up-to-date security patches and implementing comprehensive security monitoring solutions to detect and respond to active attacks.

Responsible

MITRE

Reservation

10/29/2024

Disclosure

10/30/2024

Moderation

accepted

CPE

ready

EPSS

0.86725

KEV

yes

Activities

very low

Sources

Might our Artificial Intelligence support you?

Check our Alexa App!