Exploit for #VU99595 Improper authentication in CyberPanel

Exploit for #VU99595 Improper authentication in CyberPanel

Published: 2024-11-01

Vulnerability identifier: #VU99595

Vulnerability risk: Critical

CVSSv3.1: 9.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2024-51567

CWE-ID: CWE-287

Exploitation vector: Network

Exploits in database: 1

November 1, 2024
- CVE-2024-51567 (CVE-2024-51567 is a Python PoC exploit targeting an RCE vulnerability in CyberPanel v2.3.6’s upgrademysqlstatus endpoint, bypassing CSRF protections.) [Github]

Impact: Code execution

Vulnerable software:
CyberPanel
Web applications / Remote management & hosting panels

Vendor: CyberPanel