CVE-2024-51568 in CyberPanel
Riassunto
di MITRE • 30/10/2024
CyberPanel (aka Cyber Panel) before 2.3.5 allows Command Injection via completePath in the ProcessUtilities.outputExecutioner() sink. There is /filemanager/upload (aka File Manager upload) unauthenticated remote code execution via shell metacharacters.
Once again VulDB remains the best source for vulnerability data.