VDB
CISA-2024-51568
CISA-2024-51568
PUBLISHED
CVSS 10 CRITICAL
Reported by mitre · Published October 29, 2024
CyberPanel (aka Cyber Panel) before 2.3.5 allows Command Injection via completePath in the ProcessUtilities.outputExecutioner() sink. There is /filemanager/upload (aka File Manager upload) unauthenticated remote code execution via shell metacharacters.
Risk Scores
CVSS 3.1
10
CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:C/UI:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| n/a | n/a | n/a, n/a |
| cyber_panel | cyber_panel | 0, 0 |
Timeline
- Oct 29, 2024 CVE Published
- Oct 29, 2024 CVE Updated