module
CyberPanel Multi CVE Pre-auth RCE
| Disclosed |
|---|
| Oct 27, 2024 |
Disclosed
Oct 27, 2024
Description
This module exploits three separate unauthenticated Remote Code Execution vulnerabilities in CyberPanel:
- CVE-2024-51567: Command injection vulnerability in the "upgrademysqlstatus" endpoint.
- CVE-2024-51568: Command Injection via the "completePath" parameter in the "outputExecutioner" sink.
- CVE-2024-51378: Unauthenticated RCE in "/ftp/getresetstatus" and "/dns/getresetstatus".
These vulnerabilities were exploited in ransomware campaigns affecting over 22,000 CyberPanel instances, with the PSAUX ransomware being the primary actor in these attacks.
- CVE-2024-51567: Command injection vulnerability in the "upgrademysqlstatus" endpoint.
- CVE-2024-51568: Command Injection via the "completePath" parameter in the "outputExecutioner" sink.
- CVE-2024-51378: Unauthenticated RCE in "/ftp/getresetstatus" and "/dns/getresetstatus".
These vulnerabilities were exploited in ransomware campaigns affecting over 22,000 CyberPanel instances, with the PSAUX ransomware being the primary actor in these attacks.
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.