CyberPanel (aka Cyber Panel) before 2.3.5 allows Command Injection via completePath in the ProcessUtilities.outputExecutioner() sink. There is /filemanager/upload (aka File Manager upload) unauthenticated remote code execution via shell metacharacters.
Published: 2024-10-29
CVSS: 10.0
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Download CVE-2024-51568 POC (Proof-of-Concept) here:
Tip: Download official Tor Browser at https://www.torproject.org/download/ to access .onion links.
Check my portfolio here:
https://tlncglobal.com/poc-709-cve-2024-56059/
https://tlncglobal.com/poc-223-cve-2025-34107/
https://tlncglobal.com/poc-968-cve-2024-45410/
Taisja Laudy to jedna z najbardziej doświadczonychGallup Certified Global Strengths Coachw Polsce i Europie.