CVE-2024-51378 Scanner

CyberPanel is a popular web hosting control panel widely used by hosting companies and individual administrators to manage web hosting environments. It offers an easy-to-use interface and efficient tools for managing websites, domains, and databases. CyberPanel is compatible with both VPS and cloud servers, providing a platform for managing web applications and server settings. Its intuitive design simplifies the management of complex server functions and ensures high performance and security for hosting services.

The Command Injection vulnerability identified in CyberPanel could allow attackers to execute arbitrary commands on the server. This vulnerability occurs due to insufficient validation of user input in certain endpoints, specifically involving the 'statusfile' parameter. The improper sanitization of inputs could leave the application exposed to shell command executions by unauthorized users. The vulnerability affects the proper functioning of the security middleware, which fails to validate OPTIONS requests adequately. If exploited, attackers could gain unauthorized control over the server.

Technical analysis reveals that both the /ftp/getresetstatus and /dns/getresetstatus endpoints are susceptible to this vulnerability. Attackers can exploit this flaw by manipulating the 'statusfile' parameter to run unauthorized commands. The system's failure to thoroughly inspect incoming requests, especially OPTIONS requests, opens these endpoints for exploitation. Proper monitoring of POST requests and adequate input validation methods are essential to mitigate this risk effectively.

Exploitation of this vulnerability could lead to severe consequences such as unauthorized access, data breaches, or system compromise. Attackers could potentially execute harmful commands, leading to denial of service, data leakage, or server hijacking. The impact is critical as it undermines the integrity of the server and the confidentiality of the hosted data. System administrators are advised to address this vulnerability promptly to prevent any potential exploitation attempts.

REFERENCES

• https://www.bleepingcomputer.com/news/security/massive-psaux-ransomware-attack-targets-22-000-cyberpanel-instances/
• https://refr4g.github.io/posts/cyberpanel-command-injection-vulnerability/
• https://nvd.nist.gov/vuln/detail/CVE-2024-51378