CyberPanel upgrademysqlstatus authentication bypass and command injection
Added: 11/07/2024
Background
CyberPanel is a web hosting control panel.
Problem
A pair of vulnerabilities in the upgrademysqlstatus web resource could allow a remote attacker to bypass authentication using a PUT request and execute arbitrary commands with a specially crafted statusfile parameter.
Resolution
Upgrade to the latest version of CyberPanel.
References
https://dreyand.rs/code/review/2024/10/27/what-are-my-options-cyberpanel-v236-pre-auth-rce
https://cyberpanel.net/blog/detials-and-fix-of-recent-security-issue-and-patch-of-cyberpanel
Platforms
Linux
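Detection sketch for the issue described under Problem, added here as an example and not taken from CyberPanel or the referenced write-ups: it scans web access logs for PUT requests to the upgrademysqlstatus resource and lists the sources whose requests were answered with a 2xx status. Assumptions: the server writes Combined Log Format, a 2xx answer is treated as a heuristic sign that the request was processed, and the sample lines (including the /example/ path prefix and the addresses) are constructed.

```python
import re
from collections import defaultdict

# Assumed Combined Log Format: ip - user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
RESOURCE = "upgrademysqlstatus"  # resource name given in the advisory
SUSPECT_METHODS = {"PUT"}        # method the advisory names for the bypass

# Constructed sample input; the path prefix and addresses are placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [28/Oct/2024:10:01:02 +0000] "POST /example/upgrademysqlstatus HTTP/1.1" 200 51 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [28/Oct/2024:10:03:44 +0000] "PUT /example/upgrademysqlstatus HTTP/1.1" 200 64 "-" "curl/8.0"',
    '203.0.113.5 - - [28/Oct/2024:10:04:10 +0000] "PUT /example/upgrademysqlstatus HTTP/1.1" 403 12 "-" "python-requests/2.31"',
    '192.0.2.10 - - [28/Oct/2024:10:05:00 +0000] "GET /example/index HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

def find_suspect_requests(lines):
    """Return {ip: [(time, method, path, status), ...]} for suspect requests."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # line is not in the assumed log format
        path = m["path"].split("?", 1)[0].lower()
        if RESOURCE in path and m["method"] in SUSPECT_METHODS:
            hits[m["ip"]].append(
                (m["time"], m["method"], m["path"], int(m["status"]))
            )
    return dict(hits)

def answered_ok(hits):
    """Source IPs with at least one suspect request answered 2xx (heuristic)."""
    return sorted(
        ip for ip, reqs in hits.items()
        if any(200 <= req[3] < 300 for req in reqs)
    )

if __name__ == "__main__":
    found = find_suspect_requests(SAMPLE_LOG)
    for ip, reqs in found.items():
        for when, method, path, status in reqs:
            print(f"{when} {ip} {method} {path} -> {status}")
    print("answered 2xx:", answered_ok(found))
```

The statusfile parameter is not visible in an access log unless request bodies are logged, so a match here is a starting point for reviewing the host, not proof of command execution.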