CVE-2024-51378

getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or /ftp/getresetstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. Versions through 2.3.6 and (unpatched) 2.3.7 are affected.

CVSS v3 10.0 CRITICAL

10.0^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://cwe.mitre.org/data/definitions/420.html	Not Applicable
https://cwe.mitre.org/data/definitions/78.html	Not Applicable
https://cyberpanel.net/KnowledgeBase/home/change-logs/	Release Notes
https://cyberpanel.net/blog/detials-and-fix-of-recent-security-issue-and-patch-of-cyberpanel	Product
https://github.com/usmannasir/cyberpanel/commit/1c0c6cbcf71abe573da0b5fddfb9603e7477f683	Patch
https://refr4g.github.io/posts/cyberpanel-command-injection-vulnerability/	Exploit
https://www.bleepingcomputer.com/news/security/massive-psaux-ransomware-attack-targets-22-000-cyberpanel-instances/	Exploit Press/Media Coverage
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-51378	US Government Resource

Configurations

Configuration 1 (hide)

cpe:2.3:a:cyberpanel:cyberpanel:*:*:*:*:*:*:*:*

History

07 Nov 2025, 19:02

Type	Values Removed	Values Added
References	~~() https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-51378 -~~	() https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-51378 - US Government Resource

Information

Published : 2024-10-29 23:15

Updated : 2025-11-07 19:02

NVD link : CVE-2024-51378

Mitre link : CVE-2024-51378

CVE.ORG link : CVE-2024-51378

JSON object : View

Products Affected

cyberpanel

cyberpanel

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2024-51378", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 10.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-10-29T23:15:04.083", "references": [{"url": "https://cwe.mitre.org/data/definitions/420.html", "tags": ["Not Applicable"], "source": "[email protected]"}, {"url": "https://cwe.mitre.org/data/definitions/78.html", "tags": ["Not Applicable"], "source": "[email protected]"}, {"url": "https://cyberpanel.net/KnowledgeBase/home/change-logs/", "tags": ["Release Notes"], "source": "[email protected]"}, {"url": "https://cyberpanel.net/blog/detials-and-fix-of-recent-security-issue-and-patch-of-cyberpanel", "tags": ["Product"], "source": "[email protected]"}, {"url": "https://github.com/usmannasir/cyberpanel/commit/1c0c6cbcf71abe573da0b5fddfb9603e7477f683", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://refr4g.github.io/posts/cyberpanel-command-injection-vulnerability/", "tags": ["Exploit"], "source": "[email protected]"}, {"url": "https://www.bleepingcomputer.com/news/security/massive-psaux-ransomware-attack-targets-22-000-cyberpanel-instances/", "tags": ["Exploit", "Press/Media Coverage"], "source": "[email protected]"}, {"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-51378", "tags": ["US Government Resource"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-78"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or /ftp/getresetstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. Versions through 2.3.6 and (unpatched) 2.3.7 are affected."}, {"lang": "es", "value": " getresetstatus en dns/views.py y ftp/views.py en CyberPanel (tambi\u00e9n conocido como Cyber Panel) anterior a 1c0c6cb permite a atacantes remotos omitir la autenticaci\u00f3n y ejecutar comandos arbitrarios a trav\u00e9s de /dns/getresetstatus o /ftp/getresetstatus omitiendo secMiddleware (que es solo para una solicitud POST) y utilizando metacaracteres de shell en la propiedad statusfile, como lo explot\u00f3 PSAUX en octubre de 2024. Las versiones hasta 2.3.6 y 2.3.7 (sin parchear) se ven afectadas."}], "lastModified": "2025-11-07T19:02:54.823", "cisaActionDue": "2024-12-25", "cisaExploitAdd": "2024-12-04", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cyberpanel:cyberpanel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4AF5FFC6-208E-4DD5-B298-56EFD7047F47", "versionEndExcluding": "2.3.8"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]", "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", "cisaVulnerabilityName": "CyberPanel Incorrect Default Permissions Vulnerability"}