CyberPanel (aka Cyber Panel) before 2.3.5 allows Command Injection via completePath in the ProcessUtilities.outputExecutioner() sink. There is /filemanager/upload (aka File Manager upload) unauthenticated remote code execution via shell metacharacters.
References
| Link | Resource |
|---|---|
| https://cwe.mitre.org/data/definitions/78.html | Product |
| https://cyberpanel.net/blog/cyberpanel-v2-3-5 | Release Notes |
| https://cyberpanel.net/KnowledgeBase/home/change-logs/ | Release Notes |
| https://dreyand.rs/code/review/2024/10/27/what-are-my-options-cyberpanel-v236-pre-auth-rce | Exploit Third Party Advisory |
Configurations
History
07 Jul 2025, 16:17
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Cyberpanel cyberpanel
Cyberpanel |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
| CPE | cpe:2.3:a:cyberpanel:cyberpanel:*:*:*:*:*:*:*:* | |
| References | () https://cyberpanel.net/KnowledgeBase/home/change-logs/ - Release Notes | |
| References | () https://dreyand.rs/code/review/2024/10/27/what-are-my-options-cyberpanel-v236-pre-auth-rce - Exploit, Third Party Advisory | |
| References | () https://cwe.mitre.org/data/definitions/78.html - Product | |
| References | () https://cyberpanel.net/blog/cyberpanel-v2-3-5 - Release Notes |
29 Oct 2024, 23:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-10-29 23:15
Updated : 2025-07-07 16:17
NVD link : CVE-2024-51568
Mitre link : CVE-2024-51568
JSON object : View
Products Affected
cyberpanel
- cyberpanel
CWE
No CWE.