CVE-2024-51567 Scanner
CVE-2024-51567 Scanner - Remote Code Execution (RCE) vulnerability in CyberPanel
Short Info
Level
Single Scan
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 25 days 6 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -
CyberPanel is an open-source web hosting control panel used to manage websites, domains, and web accounts on a server. It is widely used by web hosting companies, developers, and small to medium-sized businesses for efficient server management. With CyberPanel, users can handle a variety of tasks such as creating websites, managing DNS records, and monitoring website performance. The software aims to simplify web hosting management through an intuitive interface, thus improving productivity for its users. CyberPanel supports integration with various tools for increased functionality. The platform is chosen for its balance between powerful features and user-friendliness.
The Remote Code Execution (RCE) vulnerability in CyberPanel arises when attackers exploit weak authentication controls to execute arbitrary commands on the server. This critical flaw enables remote attackers to bypass security measures and potentially compromise server integrity. In affected versions, the vulnerability is located in the 'upgrademysqlstatus' endpoint. The root cause is the mishandling of incoming POST requests, which allows shell metacharacters to be exploited. CyberPanel users are exposed to serious security risks if the vulnerability is left unaddressed. This vulnerability underscores the importance of robust security practices in web applications.
Technically, the vulnerability lies in the 'upgrademysqlstatus' endpoint in databases/views.py of CyberPanel before commit 5b08cd6. The flaw allows specially crafted HTTP requests to bypass the 'secMiddleware' security check. By including shell metacharacters in the 'statusfile' property of the request, attackers can execute commands without proper credentials. The lack of secure input validation in this function exacerbates the risk. Exploitation requires knowledge of crafting specific requests, making it accessible to experienced attackers. Because this vulnerability can lead to full system compromise, users on vulnerable versions need to apply remedial measures immediately.
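For defenders reviewing captured traffic, the following added example (not CyberPanel's code and not part of the original page) flags requests to the 'upgrademysqlstatus' endpoint whose 'statusfile' value contains shell metacharacters. The record layout, the JSON body format and the sample paths are assumptions; the sample records are constructed.

```python
import json
import re

# Characters a shell treats specially; a plain status-file path needs none of them.
SHELL_META = re.compile(r"[;&|`$<>(){}\\\n\r'\"]")
ENDPOINT = "upgrademysqlstatus"  # endpoint name taken from the description above


def statusfile_is_suspicious(value):
    """True if the value is not a string or contains a shell metacharacter."""
    return not isinstance(value, str) or bool(SHELL_META.search(value))


def flag_requests(records):
    """Return the records that hit the endpoint with a suspicious 'statusfile'.

    Each record is a dict with 'method', 'path' and 'body' (raw request body);
    this layout is an assumption about the log or proxy capture being reviewed.
    The HTTP method is deliberately not used as a filter, because the page says
    the middleware check itself can be bypassed.
    """
    hits = []
    for rec in records:
        if ENDPOINT not in rec.get("path", "").lower():
            continue
        try:
            body = json.loads(rec.get("body") or "{}")
        except json.JSONDecodeError:
            hits.append({**rec, "reason": "unparseable body"})
            continue
        if not isinstance(body, dict) or "statusfile" not in body:
            continue
        if statusfile_is_suspicious(body["statusfile"]):
            hits.append({**rec, "reason": "shell metacharacter in statusfile"})
    return hits


# Constructed sample records; paths and bodies are illustrative only.
SAMPLE = [
    {"method": "POST", "path": "/example/upgrademysqlstatus",
     "body": '{"statusfile": "/home/cyberpanel/upgrade_status"}'},
    {"method": "POST", "path": "/example/upgrademysqlstatus",
     "body": '{"statusfile": "/tmp/status; id"}'},
    {"method": "POST", "path": "/example/upgrademysqlstatus", "body": "{not json"},
    {"method": "GET", "path": "/example/other", "body": ""},
]

if __name__ == "__main__":
    for hit in flag_requests(SAMPLE):
        print(hit["method"], hit["path"], "->", hit["reason"])
```
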
When successfully exploited, this RCE vulnerability can lead to full control over the CyberPanel host server by malicious actors. Attackers can manipulate server data, access sensitive files, or install malicious software. The impact can range from data theft and server downtime to the complete destruction of digital assets. Additionally, unauthorized access gained through this vulnerability can facilitate further attacks on connected networks or systems. Hence, exploiting this vulnerability significantly jeopardizes the security posture of affected organizations, requiring urgent mitigation to prevent damage.
REFERENCES
- https://community.cyberpanel.net/t/cyberpanel-2-1-remote-code-execution-rce/31760
- https://dreyand.rs/code/review/2024/10/27/what-are-my-options-cyberpanel-v236-pre-auth-rce
- https://cwe.mitre.org/data/definitions/420.html
- https://cwe.mitre.org/data/definitions/78.html
- https://cyberpanel.net/KnowledgeBase/home/change-logs/