Shodan
Vulnerabilities
Vulnerable Software
Cyberpanel:  >> Cyberpanel  >> 1.7.2  Security Vulnerabilities
CVE-2024-56112
CyberPanel (aka Cyber Panel) before f0cf648 allows XSS via token or username to plogical/phpmyadminsignin.php.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-12-16
CVE-2024-53376
CyberPanel before 2.3.8 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the phpSelection field to the websites/submitWebsiteCreation URI.
CVSS Score
8.8
EPSS Score
0.842
Published
2024-12-16
CVE-2024-54679
CyberPanel (aka Cyber Panel) before 6778ad1 does not require the FilemanagerAdmin capability for restartMySQL actions.
CVSS Score
4.3
EPSS Score
0.011
Published
2024-12-05
CVE-2024-51378
Known exploited
getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or /ftp/getresetstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. Versions through 2.3.6 and (unpatched) 2.3.7 are affected.
CVSS Score
10.0
EPSS Score
0.941
Published
2024-10-29
CVE-2024-51567
Known exploited
upgrademysqlstatus in databases/views.py in CyberPanel (aka Cyber Panel) before 5b08cd6 allows remote attackers to bypass authentication and execute arbitrary commands via /dataBases/upgrademysqlstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. Versions through 2.3.6 and (unpatched) 2.3.7 are affected.
CVSS Score
10.0
EPSS Score
0.943
Published
2024-10-29
CVE-2024-51568
CyberPanel (aka Cyber Panel) before 2.3.5 allows Command Injection via completePath in the ProcessUtilities.outputExecutioner() sink. There is /filemanager/upload (aka File Manager upload) unauthenticated remote code execution via shell metacharacters.
CVSS Score
10.0
EPSS Score
0.917
Published
2024-10-29
CVE-2019-13056
An issue was discovered in CyberPanel through 1.8.4. On the user edit page, an attacker can edit the administrator's e-mail and password because of the lack of CSRF protection.
CVSS Score
8.8
EPSS Score
0.002
Published
2019-07-02


Products
Pricing
Contact Us

Shodan ® - All rights reserved