CVE-2024-51567 in CyberPanelinformazioni

Riassunto

di MITRE • 30/10/2024

upgrademysqlstatus in databases/views.py in CyberPanel (aka Cyber Panel) before 5b08cd6 allows remote attackers to bypass authentication and execute arbitrary commands via /dataBases/upgrademysqlstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. Versions through 2.3.6 and (unpatched) 2.3.7 are affected.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Responsabile

MITRE

Prenotare

29/10/2024

Divulgazione

30/10/2024

Moderazione

accettato

CPE

pronto

EPSS

0.86725

KEV

si

Attività

molto basso

Fonti

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!