CVE-2024-51567

Published Oct 29, 2024

Last updated 3 months ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2024-51567 is an authentication bypass and command injection vulnerability found in CyberPanel, an open-source control panel for Linux servers. Specifically, the flaw resides within the `upgrademysqlstatus` function in the `databases/views.py` file. This vulnerability allows remote attackers to bypass authentication and execute arbitrary commands. The bypass occurs because the `secMiddleware` security mechanism, designed to protect sensitive endpoints, only validates POST requests. Attackers can exploit this by using alternative HTTP methods to access the `/dataBases/upgrademysqlstatus` endpoint without authentication. Once authentication is bypassed, shell metacharacters can be injected into the `statusfile` property, leading to arbitrary command execution. This issue affects CyberPanel versions through 2.3.6 and unpatched version 2.3.7, and has been actively exploited.

Description

upgrademysqlstatus in databases/views.py in CyberPanel (aka Cyber Panel) before 5b08cd6 allows remote attackers to bypass authentication and execute arbitrary commands via /dataBases/upgrademysqlstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. Versions through 2.3.6 and (unpatched) 2.3.7 are affected.

Source: cve@mitre.org
NVD status: Analyzed
Products: cyberpanel

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Known exploits

Data from CISA

Vulnerability name: CyberPanel Incorrect Default Permissions Vulnerability
Exploit added on: Nov 7, 2024
Exploit action due: Nov 28, 2024
Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Weaknesses

nvd@nist.gov: CWE-306
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-306

Social media

Hype score
Not currently trending
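  1. The following 4 vulnerabilities have been confirmed as exploited by ransomware. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities catalog has been updated. - Windows privilege escalation CVE-2024-49039, CVE-2024-30088 - Cy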

    @__kokumoto

    29 Jan 2026

    2771 Impressions

    6 Retweets

    36 Likes

    16 Bookmarks

    0 Replies

    0 Quotes

  2. Alert Background: Some of the key vulnerabilities they have exploited include CVE-2017-9805 (Apache Struts), CVE-2021-22205 (GitLab), CVE-2024-9047 (WordPress), CVE-2024-27198 and CVE-2024-27199 (TeamCity), CVE-2024-51378 and CVE-2024-51567 (CyberPanel) https://t.co/dSfmGWyicJ

    @KootekSecurity

    31 May 2025

    82 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Actively exploited CVE : CVE-2024-51567

    @transilienceai

    20 Nov 2024

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  4. CVE-2024-51567 has been classified as a CISA Known Exploited Vulnerability (KEV) related to CyberPanel. Know more about it and act now to safeguard your organization: https://t.co/WsiZvtQqwn #KEV #CyberSecurity #CVE #VulnerabilityManagement #CISO #Attaxion https://t.co/yRxywr

    @attaxion

    13 Nov 2024

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. #DOYOUKNOWCVE CISA has added 4 new vulnerabilities to its Known Exploited Vulnerabilities Catalog. CVE-2024-51567: CyberPanel Incorrect Default Permissions. A permissions misconfiguration in CyberPanel allows unauthorized users to escalate privileges or access sensitive data.…

    @Loginsoft_Inc

    8 Nov 2024

    37 Impressions

    1 Retweet

    2 Likes

    0 Bookmarks

    0 Replies

    1 Quote

  6. CISA Alert: Active Exploitation of Critical Flaws 🚨 CISA warns of high-risk vulnerabilities: Palo Alto Expedition (CVE-2024-5910) Android (CVE-2024-43093) CyberPanel (CVE-2024-51567) Federal agencies advised to patch by Nov 28. #Cybersecurity #CISA #PaloAlto #Vulnerability ht

    @redfoxsec

    8 Nov 2024

    57 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2024-51567 #CyberPanel Incorrect Default Permissions Vulnerability https://t.co/8uS0TanWTv

    @ScyScan

    7 Nov 2024

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. A security vulnerability (CVE-2024-51567) has been discovered in Cyber Panel. #ETX #certaz #cybersecurity #kibertəhlükəsizlik #xəbərdarlıq https://t.co/7Sl4LlYHyD

    @CERTAzerbaijan

    7 Nov 2024

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. CVE-2024-51378 is getting exploited #inthewild. Find out more at https://t.co/9I24IDM7Wd CVE-2024-51567 is getting exploited #inthewild. Find out more at https://t.co/CHMCRKe7PP

    @inthewildio

    1 Nov 2024

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. #DOYOUKNOWCVE PSAUX ransomware is targeting two critical vulnerabilities in CyberPanel—CVE-2024-51567 & CVE-2024-51568. CVE-2024-51567: Allows attackers to bypass authentication via the upgrademysqlstatus function. For more information: https://t.co/JC47FB76qm CVE-2024-51

    @Loginsoft_Inc

    1 Nov 2024

    87 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  11. CyberPanel: several critical zero-click unauthenticated root RCE URL: https://t.co/Uk76cNb5qv Classification: Critical, Solution: Temporary Fix, Exploit Maturity: High, CVSSv3.1: 10.0 CVEs: CVE-2024-51567, CVE-2024-51568, CVE-2024-51378 See also: - https://t.co/ewewfhR92l #cyberp

    @CharyyevPerman

    31 Oct 2024

    42 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. PSAUX Ransomware exploits CyberPanel Vulnerabilities #PSAUXRansomware #CyberPanel #CVE-2024-51567 #CVE-2024-51568 #CVE-2024-51378 https://t.co/0c1xcVAZmm

    @pravin_karthik

    30 Oct 2024

    75 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  13. PSAUX Ransomware is Exploiting Two Max Severity Flaws (CVE-2024-51567, CVE-2024-51568) in CyberPanel https://t.co/tuLmiS0Apl

    @Dinosn

    30 Oct 2024

    2161 Impressions

    3 Retweets

    12 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  14. PSAUX Ransomware is Exploiting Two Max Severity Flaws (CVE-2024-51567, CVE-2024-51568) in CyberPanel https://t.co/LxqvoGcI4f Three critical remote code execution (RCE) vulnerabilities impacting CyberPanel, a widely used web hosting control panel, are under active exploitation.…

    @f1tym1

    30 Oct 2024

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. [CVE-2024-51567: CRITICAL] CyberPanel vulnerability in upgrademysqlstatus allows remote attackers to bypass authentication & execute arbitrary commands via shell metacharacters. Patched versions available.#cybersecurity,#vulnerability https://t.co/BawgspqKmC https://t.co/Etkj

    @CveFindCom

    29 Oct 2024

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. CVE-2024-51567 upgrademysqlstatus in databases/views.py in CyberPanel (aka Cyber Panel) before 5b08cd6 allows remote attackers to bypass authentication and execute arbitrary command… https://t.co/HLZnqlRzVw

    @CVEnew

    29 Oct 2024

    532 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations