CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-51567

Critical Severity
Cyberpanel
SVRS
90/100
CVSSv3
9.8/10
EPSS
0.94261/1

CVE-2024-51567 is a critical authentication bypass vulnerability in CyberPanel that allows remote attackers to execute arbitrary commands. This flaw exists in the upgrademysqlstatus function within databases/views.py in CyberPanel versions before 5b08cd6, affecting versions through 2.3.6 and unpatched 2.3.7. Attackers can exploit this by bypassing the secMiddleware, which is only intended for POST requests, and injecting shell metacharacters into the statusfile property via the /dataBases/upgrademysqlstatus endpoint. Given the SVRS score of 90, this is a critical vulnerability requiring immediate patching and mitigation. The vulnerability is actively being exploited in the wild, making it an urgent threat, with readily available exploits, emphasizing the need for prompt action to prevent potential system compromise and unauthorized access. The existence of a CISA KEV tag means it is a Known Exploited Vulnerability.

TAGS
In The Wild
Exploit Avaliable
CISA KEV
VECTOR STRING
CVSS:3.1
AV:N
AC:L
PR:N
UI:N
S:U
C:H
I:H
A:H
PUBLICATION DATE2024-10-29
LAST MODIFIED2025-04-03
Eye Icon
SOCRadar
AI Insight

Description:

CVE-2024-51567 is a critical vulnerability in CyberPanel that allows remote attackers to bypass authentication and execute arbitrary commands. This vulnerability has a CVSS score of 10, indicating its severe impact. The SVRS for this CVE is 0, which means that it is not currently being actively exploited.

Key Insights:

  • This vulnerability allows attackers to gain unauthorized access to systems and execute malicious commands.
  • The vulnerability is being actively exploited in the wild by PSAUX.
  • Versions of CyberPanel through 2.3.6 and (unpatched) 2.3.7 are affected.

Mitigation Strategies:

  • Update CyberPanel to the latest version (2.3.7 or later).
  • Implement strong authentication measures, such as two-factor authentication.
  • Monitor systems for suspicious activity and take appropriate action if necessary.
  • Restrict access to sensitive data and systems.

Additional Information:

  • The Cybersecurity and Infrastructure Security Agency (CISA) has warned of this vulnerability, calling for immediate and necessary measures.
  • If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

TitleSoftware LinkDate
ajayalf/CVE-2024-51567https://github.com/ajayalf/CVE-2024-515672024-10-31
thehash007/CVE-2024-51567-RCE-EXPLOIThttps://github.com/thehash007/CVE-2024-51567-RCE-EXPLOIT2024-11-07
CyberPanel Incorrect Default Permissions Vulnerabilityhttps://www.cisa.gov/search?g=CVE-2024-515672024-11-07
Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

Metasploit Weekly Wrap-Up 12/13/2024
Spencer McIntyre2024-12-13
Metasploit Weekly Wrap-Up 12/13/2024 | It’s raining RCEs! It's the second week of December and the weather forecast announced another storm of RCEs in Metasploit-Framework land. This weekly release includes RCEs for Moodle e-Learning platform, Primefaces, WordPress Really Simple SSL and CyberPanel along with two modules to change password through LDAP and SMB protocol.It’s raining RCEs! <img alt="Metasploit
rapid7.com
rss
forum
news
CISA Alerts to Active Exploitation of Critical Palo Alto Networks Vulnerability
Ajit Jasrotia2024-11-08
CISA Alerts to Active Exploitation of Critical Palo Alto Networks Vulnerability | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched critical security flaw impacting Palo Alto Networks Expedition to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2024-5910 (CVSS score: 9.3), concerns a case of missing authentication in the Expedition migration tool that could lead [&#8230;] The post CISA Alerts to Active Exploitation of Critical Palo Alto Networks Vulnerability<
allhackernews.com
rss
forum
news
U.S. CISA adds Palo Alto Expedition, Android, CyberPanel and Nostromo nhttpd bugs to its Known Exploited Vulnerabilities catalog
Pierluigi Paganini2024-11-07
U.S. CISA adds Palo Alto Expedition, Android, CyberPanel and Nostromo nhttpd bugs to its Known Exploited Vulnerabilities catalog | U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Palo Alto Expedition, Android, CyberPanel and Nostromo nhttpd bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: CVE-2024-43093 &#8211; this week, Google warned that the vulnerability CVE-2024-43093 in the Android OS is [&#8230;] <h2
securityaffairs.co
rss
forum
news
CISA Adds Four Known Exploited Vulnerabilities to Catalog
CISA2024-11-07
CISA Adds Four Known Exploited Vulnerabilities to Catalog | CISA has added four new vulnerabilities to its&nbsp;Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-43093&nbsp;Android Framework Privilege Escalation Vulnerability CVE-2024
cisa.gov
rss
forum
news
Vulnerable Fortinet, SonicWall devices proliferate online - SC Media
2024-11-04
Vulnerable Fortinet, SonicWall devices proliferate online - SC Media | News Content: November 4, 2024 Share Actively exploited Fortinet and SonicWall vulnerabilities impact nearly 1 million internet-exposed devices, The Cyber Express reports. While 427,000 Fortinet devices running on FortiOS, FortiProxy, FortiSwitchManager, and FortiPAM iterations impacted by the critical CVE-2024-23113 flaw, another 62,000 FortiManager instances remain susceptible to attacks leveraging the CVE-2024-47575 bug, also known as FortiJump, according to a report from Cyble. On the other hand, SonicWall had over 486,000 online devices vulnerable to the critical improper access control issue, tracked as CVE-2024
cve-2024-47575
cve-2024-51567
cve-2024-51568
cve-2024-40766
Major IT Vulnerabilities Reported in Fortinet, SonicWall, Grafana - The Cyber Express
2024-11-04
Major IT Vulnerabilities Reported in Fortinet, SonicWall, Grafana - The Cyber Express | News Content: Cyble Research and Intelligence Labs (CRIL) has identified new IT vulnerabilities affecting Fortinet, SonicWall, Grafana Labs, and CyberPanel, among others. The report for the week of October 23-29 highlights seven IT vulnerabilities that require urgent attention from security teams, particularly given the sheer number of exposed devices involved. The latest findings indicate that vulnerabilities in Fortinet, SonicWall, and Grafana Labs impact over 1 million web-facing assets. Notably, two high-severity vulnerabilities in CyberPanel have already been leveraged in widespread ransomware attacks. Organizations are urged to
google.com
rss
forum
news
CVE-2024-51567 | PSAUX CyberPanel 2.3.6/2.3.7 secMiddleware databases/views.py upgrademysqlstatus os command injection
vuldb.com2024-11-03
CVE-2024-51567 | PSAUX CyberPanel 2.3.6/2.3.7 secMiddleware databases/views.py upgrademysqlstatus os command injection | A vulnerability was found in PSAUX CyberPanel 2.3.6/2.3.7. It has been declared as very critical. This vulnerability affects the function upgrademysqlstatus of the file databases/views.py of the component secMiddleware. The manipulation leads to os command injection. This vulnerability was named CVE
vuldb.com
rss
forum
news

Social Media

#DOYOUKNOWCVE CISA has added 4 new vulnerabilities to its Known Exploited Vulnerabilities Catalog. CVE-2024-51567: CyberPanel Incorrect Default Permissions. A permissions misconfiguration in CyberPanel allows unauthorized users to escalate privileges or access sensitive data. https://t.co/zLf1eZDd4a
0
0
0
CISA が既知の悪用された脆弱性 4 件をカタログに追加 CISA Adds Four Known Exploited Vulnerabilities to Catalog #CISA (Nov 7) - CVE-2024-43093 Android Framework Privilege Escalation Vulnerability - CVE-2024-51567 CyberPanel Incorrect Default Permissions Vulnerability -
0
0
1
CVE-2024-51378 is getting exploited #inthewild. Find out more at https://t.co/9I24IDM7Wd CVE-2024-51567 is getting exploited #inthewild. Find out more at https://t.co/CHMCRKe7PP
0
0
0
🚨#DataBreach🚨 On October 27, a cybersecurity researcher named DreyAnd disclosed two critical vulnerabilities in CyberPanel, a popular web hosting control panel. These vulnerabilities, tracked as CVE-2024-51567 (aut... https://t.co/wrThOwcqn5 iocs: https://buff.ly/3UwbCNj
0
0
0
PSAUX Ransomware is Exploiting Two Max Severity Flaws (CVE-2024-51567, CVE-2024-51568) in CyberPanel https://t.co/LxqvoGcI4f Three critical remote code execution (RCE) vulnerabilities impacting CyberPanel, a widely used web hosting control panel, are under active exploitation.…
0
0
0

Affected Software

Configuration 1
TypeVendorProduct
AppCyberpanelcyberpanel

References

ReferenceLink
[email protected]https://cwe.mitre.org/data/definitions/420.html
[email protected]https://cwe.mitre.org/data/definitions/78.html
[email protected]https://cyberpanel.net/KnowledgeBase/home/change-logs/
[email protected]https://cyberpanel.net/blog/detials-and-fix-of-recent-security-issue-and-patch-of-cyberpanel
[email protected]https://dreyand.rs/code/review/2024/10/27/what-are-my-options-cyberpanel-v236-pre-auth-rce
[email protected]https://github.com/usmannasir/cyberpanel/commit/5b08cd6d53f4dbc2107ad9f555122ce8b0996515
[email protected]https://www.bleepingcomputer.com/news/security/massive-psaux-ransomware-attack-targets-22-000-cyberpanel-instances/
GITHUBhttps://dreyand.rs/code/review/2024/10/27/what-are-my-options-cyberpanel-v236-pre-auth-rce
GITHUBhttps://www.bleepingcomputer.com/news/security/massive-psaux-ransomware-attack-targets-22-000-cyberpanel-instances/
[email protected]https://cwe.mitre.org/data/definitions/420.html
[email protected]https://cwe.mitre.org/data/definitions/78.html
[email protected]https://cyberpanel.net/KnowledgeBase/home/change-logs/
[email protected]https://cyberpanel.net/blog/detials-and-fix-of-recent-security-issue-and-patch-of-cyberpanel
[email protected]https://dreyand.rs/code/review/2024/10/27/what-are-my-options-cyberpanel-v236-pre-auth-rce
[email protected]https://github.com/usmannasir/cyberpanel/commit/5b08cd6d53f4dbc2107ad9f555122ce8b0996515
[email protected]https://www.bleepingcomputer.com/news/security/massive-psaux-ransomware-attack-targets-22-000-cyberpanel-instances/

CWE Details

CWE IDCWE NameDescription
CWE-306Missing Authentication for Critical FunctionThe software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
CWE-276Incorrect Default PermissionsDuring installation, installed file permissions are set to allow anyone to modify those files.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence