Description

CyberPanel contains an authentication bypass vulnerability that could allow an unauthenticated attacker to access restricted functionality and exploit RCE vulnerabilities to compromise the system.

Remediation

Upgrade to the latest version of CyberPanel.

References

What Are My OPTIONS? CyberPanel v2.3.6 pre-auth RCE

Details and fix of recent security issue and patch of CyberPanel

Related Vulnerabilities

Liferay DXP Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-26272)

Apache Traffic Server Improper Input Validation Vulnerability (CVE-2017-5659)

Oracle Database Server CVE-2018-2875 Vulnerability (CVE-2018-2875)

LimeSurvey Incorrect Default Permissions Vulnerability (CVE-2019-16186)

Moodle Resource Management Errors Vulnerability (CVE-2014-7847)

Severity

Critical

Classification

CVE-2024-51567 CVE-2024-51568 CVE-2024-51378 CWE-306 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Tags

Known Vulnerabilities Code Execution Authentication Bypass