Exploit for #VU99595 Improper authentication in CyberPanel

Published: 2024-11-01 | Updated: 2024-12-05

Vulnerability identifier: #VU99595

Vulnerability risk: Critical

CVSSv4.0: 9.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]

CVE-ID: CVE-2024-51567

CWE-ID: CWE-287

Exploitation vector: Network

Exploits in database: 4

December 5, 2024
- CyberPanel Multi CVE Pre-auth RCE [Metasploit]
November 29, 2024
- cve-2024-51567-poc (CVE-2024-51567 is a Python PoC exploit targeting an RCE vulnerability in CyberPanel v2.3.6’s upgrademysqlstatus endpoint, bypassing CSRF protections.) [Github]
November 8, 2024
- CVE-2024-51567-RCE-EXPLOIT (cbyerpanel rce exploit) [Github]
November 1, 2024
- CVE-2024-51567 (CVE-2024-51567 is a Python PoC exploit targeting an RCE vulnerability in CyberPanel v2.3.6’s upgrademysqlstatus endpoint, bypassing CSRF protections.) [Github]

Vulnerable software:
CyberPanel
Web applications / Remote management & hosting panels

Vendor: CyberPanel