Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-51568 PoC — CyberPanel 安全漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-51568.yaml
Associated Vulnerability
Title:CyberPanel 安全漏洞 (CVE-2024-51568)
Description:CyberPanel是Usman Nasir个人开发者的一款内置了DNS和电子邮件服务器的虚拟主机控制面板。 CyberPanel 2.3.5版本之前存在安全漏洞,该漏洞源于ProcessUtilities.outputExecutioner接收器中的completePath包含一个命令注入漏洞。
Description
CyberPanel (aka Cyber Panel) before 2.3.5 allows Command Injection via completePath in the ProcessUtilities.outputExecutioner() sink. There is /filemanager/upload (aka File Manager upload) unauthenticated remote code execution via shell metacharacters.
File Snapshot

 id: CVE-2024-51568

info:
  name: CyberPanel - Command Injection
  author: s4e-io
  severity: critic

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.