CVE-2024-51378 - CyberPanel Incorrect Default Permissions Vulnerability
Project:CyberPersons
Product:CyberPanel
Date Added:2024-12-04Due Date:2024-12-25
Vulnerability Name
CyberPanel Incorrect Default Permissions Vulnerability
Description
CyberPanel contains an incorrect default permissions vulnerability that allows for authentication bypass and the execution of arbitrary commands using shell metacharacters in the statusfile property.
Known To Be Used in Ransomware Campaigns?
Known
Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://cyberpanel.net/KnowledgeBase/home/change-logs/
https://nvd.nist.gov/vuln/detail/CVE-2024-51378
Related News Articles
CISA Warns of Active Exploitation of Flaws in Zyxel, ProjectSend, and CyberPanelDecember 5, 2024