Cyber Resilience

CVE-2024-51567

CriticalCISA KEVActive ExploitationEUVD ExploitedPublic PoCRansomware-linked

Published: 29 October 2024

Published
29 October 2024
Modified
07 November 2025
KEV Added
07 November 2024
Patch
27 October 2024
CVSS Score v3.1 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.9431 100.0th percentile
Risk Priority 97 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-51567 is a critical-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Cyberpanel Cyberpanel. Its CVSS base score is 10.0 (Critical).

Operationally, ranked in the top 0.0% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CyberPanel, an open-source web hosting control panel, contains a critical authentication bypass and command injection vulnerability in the upgrademysqlstatus function within databases/views.py. The flaw affects all versions through 2.3.6 and unpatched 2.3.7 prior to commit 5b08cd6, allowing unauthenticated remote attackers to reach the endpoint /dataBases/upgrademysqlstatus. Because secMiddleware is applied only to POST requests, an attacker can submit a GET request containing shell metacharacters in the statusfile parameter to execute arbitrary operating-system commands with the privileges of the CyberPanel process.

An unauthenticated attacker can therefore achieve full remote code execution on the underlying server, including the ability to read or modify hosted data, alter system configurations, or pivot to other assets. The vulnerability carries a CVSS score of 10.0 and is tracked under CWE-306 (Missing Authentication for Critical Function) and related injection weaknesses.

CyberPanel’s official change-log and security advisory describe the issue and direct users to apply the patch released after disclosure; administrators are advised to upgrade immediately to a build containing commit 5b08cd6 or later and to restrict administrative interfaces from untrusted networks until the update is complete.

The flaw was exploited in the wild in October 2024 by the threat actor PSAUX, and the current EPSS of 0.9431 indicates sustained exploitation interest following public disclosure.

EU & UK References

Vulnerability details

upgrademysqlstatus in databases/views.py in CyberPanel (aka Cyber Panel) before 5b08cd6 allows remote attackers to bypass authentication and execute arbitrary commands via /dataBases/upgrademysqlstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property,…

more

as exploited in the wild in October 2024 by PSAUX. Versions through 2.3.6 and (unpatched) 2.3.7 are affected.

CWE(s)
KEV Date Added
07 November 2024

Related Threats

Threat-Actor AttributionAI

PSAUX
Exploited in the wild October 2024 per CyberPanel disclosure and BleepingComputer report on PSAUX ransomware campaign targeting 22k instances.

Affected Assets

cyberpanel
cyberpanel
≤ 2.3.8

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly enforces authentication and authorization checks on the /dataBases/upgrademysqlstatus endpoint before any command execution can occur.

prevent

Requires validation and sanitization of the statusfile parameter to block shell metacharacters that enable arbitrary command injection.

prevent

Limits privileges of the CyberPanel web process so that even a successful injection yields only minimal system impact.

References