ums91
commented
2 hours ago This vulnerability is not applicable to any systems.
Closed ums91 closed 2 hours ago
ums91
commented
2 hours ago This vulnerability is not applicable to any systems.
Summary
Confirm if CyberPersons CyberPanel vulnerability below is applicable to any systems.
Reference
From CISA Known Exploited Vulnerabilities Catalog: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
CVE-2024-51567
Severity
CRITICAL - CVSS v3.1 - (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Detailed description of the vulnerability
upgrademysqlstatus in databases/views.py in CyberPanel (aka Cyber Panel) before 5b08cd6 allows remote attackers to bypass authentication and execute arbitrary commands via /dataBases/upgrademysqlstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. Versions through 2.3.6 and (unpatched) 2.3.7 are affected.
Reporter
CISA