CVE-2024-51378
In short
CyberPanel has a critical flaw that lets attackers skip login checks and run arbitrary system commands on the server by sending specially crafted requests to specific URLs, exploiting a gap in its security filters.
Technical detail
The getresetstatus endpoints in dns/views.py and ftp/views.py fail to enforce authentication on GET requests because middleware protection is limited to POST. This allows unauthenticated command injection via shell metacharacters in the statusfile parameter: OS command execution occurs without any prior authentication or authorization check.
Summary generated and translated by AI from the official description.
getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or /ftp/getresetstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. Versions through 2.3.6 and (unpatched) 2.3.7 are affected.
CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:C/UI:N
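A log check for the bypass described above, as an added example that is not part of the original record or of CyberPanel's code: it flags requests to the two getresetstatus paths that used any method other than POST, since those never passed through secMiddleware. It assumes access logs in Combined Log Format; the function name and the sample lines are constructed for illustration.

```python
import re

# Endpoints named in the CVE description.
WATCHED_PATHS = ("/dns/getresetstatus", "/ftp/getresetstatus")

# Assumed format (Combined Log Format):
# ip - user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def suspicious_requests(lines):
    """Return hits on the watched endpoints that did not use POST.

    Per the description, secMiddleware only inspects POST requests, so any
    other method that reached these views skipped that filter.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        # Normalise: drop query string, collapse '//' and trailing '/'.
        path = re.sub(r"/+", "/", m["target"].split("?", 1)[0]).rstrip("/")
        if path in WATCHED_PATHS and m["method"] != "POST":
            hits.append({
                "ip": m["ip"], "time": m["time"], "method": m["method"],
                "path": path, "status": int(m["status"]),
                # A 2xx status means the view answered; triage these first.
                "served": m["status"].startswith("2"),
            })
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [29/Oct/2024:10:12:01 +0000] "GET /dns/getresetstatus HTTP/1.1" 200 57 "-" "curl/8.0"',
    '198.51.100.4 - - [29/Oct/2024:10:12:05 +0000] "POST /ftp/getresetstatus HTTP/1.1" 200 41 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [29/Oct/2024:10:12:09 +0000] "GET /ftp/getresetstatus/?x=1 HTTP/1.1" 403 12 "-" "curl/8.0"',
    '198.51.100.4 - - [29/Oct/2024:10:13:00 +0000] "GET /dns/ HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Request bodies are not recorded in access logs, so a hit shows that the filter was skipped, not what the statusfile value contained.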
Affected products
n/a · n/a
Public PoCs found — 4
github · github.com/refr4g/CVE-2024-51378 · ★ 22
github · github.com/qnole000/CVE-2024-51378 · ★ 0
github · github.com/rimbadirgantara/CVE-2024-51378 · ★ 0
exploitdb · www.exploit-db.com/exploits/52172 · unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
https://cwe.mitre.org/data/definitions/420.html
https://cwe.mitre.org/data/definitions/78.html
https://cyberpanel.net/blog/detials-and-fix-of-recent-security-issue-and-patch-of-cyberpanel
https://cyberpanel.net/KnowledgeBase/home/change-logs/
https://github.com/usmannasir/cyberpanel/commit/1c0c6cbcf71abe573da0b5fddfb9603e7477f683
https://refr4g.github.io/posts/cyberpanel-command-injection-vulnerability/
https://www.bleepingcomputer.com/news/security/massive-psaux-ransomware-attack-targets-22-000-cyberpanel-instances/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-51378