Vulnerability DatabaseCVE-2024-51567

CVE-2024-51567:
Cyberpanel vulnerability analysis and mitigation

upgrademysqlstatus in databases/views.py in CyberPanel (aka Cyber Panel) before 5b08cd6 allows remote attackers to bypass authentication and execute arbitrary commands via /dataBases/upgrademysqlstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. Versions through 2.3.6 and (unpatched) 2.3.7 are affected.

Source: NVD

Related Cyberpanel vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2024-51568	CRITICAL	9.8	Cyberpanel	cpe:2.3:a:cyberpanel:cyberpanel	No	Yes	Oct 29, 2024
CVE-2024-51567	CRITICAL	9.8	Cyberpanel	cpe:2.3:a:cyberpanel:cyberpanel	Yes	Yes	Oct 29, 2024
CVE-2024-53376	HIGH	8.8	Cyberpanel	cpe:2.3:a:cyberpanel:cyberpanel	No	Yes	Dec 16, 2024
CVE-2024-54679	MEDIUM	6.5	Cyberpanel	cpe:2.3:a:cyberpanel:cyberpanel	No	Yes	Dec 05, 2024
CVE-2024-56112	MEDIUM	6.1	Cyberpanel	cpe:2.3:a:cyberpanel:cyberpanel	No	Yes	Dec 16, 2024

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

A threat intelligence database

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."

David EstlickCISO

"Wiz provides a single pane of glass to see what is going on in our cloud environments."

Adam FletcherChief Security Officer

"We know that if Wiz identifies something as critical, it actually is."

Greg PoniatowskiHead of Threat and Vulnerability Management

Get a demo

CVE-2024-51567: Cyberpanel vulnerability analysis and mitigation