VDB

CISA-2024-51568

CISA-2024-51568 PUBLISHED CVSS 10 CRITICAL

Reported by mitre · Published October 29, 2024

CyberPanel (aka Cyber Panel) before 2.3.5 allows Command Injection via completePath in the ProcessUtilities.outputExecutioner() sink. There is /filemanager/upload (aka File Manager upload) unauthenticated remote code execution via shell metacharacters.

Risk Scores

CVSS 3.1
10
CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:C/UI:N

Affected Products

VendorProductVersions
n/an/an/a
n/an/an/a, n/a
cyber_panelcyber_panel0, 0

Timeline

  • Oct 29, 2024 CVE Published
  • Oct 29, 2024 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›