Cyber Resilience

CVE-2024-53376

High · Public PoC · RCE

Published: 16 December 2024
Modified: 05 September 2025
KEV Added: not listed
Patch: no vendor advisory referenced
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.9117 (99.7th percentile)
Risk Priority: 72 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-53376 is a high-severity OS Command Injection (CWE-78) vulnerability in CyberPanel. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 0.3% of all CVEs by exploit likelihood (EPSS), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

CyberPanel versions prior to 2.3.8 contain an OS command injection vulnerability (CWE-78) that permits remote authenticated users to execute arbitrary commands. The flaw is triggered when unsanitized shell metacharacters are supplied in the phpSelection parameter of the websites/submitWebsiteCreation endpoint; the input is passed directly to an underlying system shell.

An attacker with a valid CyberPanel account can therefore achieve full command execution on the server. The CVSS 8.8 vector reflects network accessibility, low attack complexity and low privileges required, with complete loss of confidentiality, integrity and availability and no user interaction needed.

Public proof-of-concept code has been released that demonstrates the injection and provides ready-to-use exploit scripts. No official vendor advisory or patch details appear in the supplied references; the version constraint indicates that upgrading to CyberPanel 2.3.8 or later is the intended remediation. The EPSS score of 0.9117 reflects substantial exploitation interest following disclosure.


Vulnerability details

CyberPanel before 2.3.8 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the phpSelection field to the websites/submitWebsiteCreation URI.

CWE(s)

CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-mapped)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1059.004 Unix Shell (Execution)
Adversaries may abuse Unix shell commands and scripts for execution.

Why these techniques?

Authenticated OS command injection via shell metacharacters in the CyberPanel web panel (a public-facing application) enables initial access (T1190) and remote Unix shell command execution (T1059.004) as root.

Affected Assets

Vendor: cyberpanel
Product: cyberpanel
Versions: ≤ 2.3.8

Mitigating Controls

Likely Mitigating Controls (AI-mapped)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

- Managed runtime / sandboxing (addresses CWE-78): platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection.

- Input validation (addresses CWE-78): validates inputs to block special elements that would alter OS command execution.
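The two controls above describe the general CWE-78 fix pattern: never hand untrusted request fields to a shell, and constrain the field to a known set of values. The example below is added here to illustrate that pattern; it is not CyberPanel's code and does not reproduce the vulnerable endpoint. The parameter name phpSelection comes from the record; the allowlist contents, the `php-config-tool` command name and the `handle_php_selection` handler are constructed for the example.

```python
import re
import subprocess
from typing import List

# Constructed allowlist: the request value on the left maps to an internal
# token on the right. Only the right-hand token ever reaches a command line.
ALLOWED_PHP_SELECTIONS = {
    "PHP 7.4": "php74",
    "PHP 8.0": "php80",
    "PHP 8.1": "php81",
}

# Characters that change how a POSIX shell parses a command line.
SHELL_METACHARACTERS = re.compile(r"""[;&|`$<>(){}\[\]\\\n\r'"*?~!#]""")


def vulnerable_build_command(php_selection: str) -> str:
    """CWE-78 pattern (for contrast only): request input is interpolated into a
    single string that would later be executed with shell=True, so any
    metacharacter in php_selection is interpreted by the shell."""
    return f"php-config-tool --php {php_selection}"


def contains_shell_metacharacters(value: str) -> bool:
    """Detection helper: True if the field carries shell-significant characters.
    Useful both for request validation and for flagging suspicious log entries."""
    return SHELL_METACHARACTERS.search(value) is not None


def validate_php_selection(value: str) -> str:
    """Reject anything that is not an exact allowlist key and return the
    internal token. Raising on metacharacters first gives a distinct error
    that a WAF or application log can alert on."""
    if contains_shell_metacharacters(value):
        raise ValueError("phpSelection contains shell metacharacters")
    if value not in ALLOWED_PHP_SELECTIONS:
        raise ValueError("phpSelection is not an allowed PHP version")
    return ALLOWED_PHP_SELECTIONS[value]


def safe_build_argv(php_selection: str) -> List[str]:
    """Hardened form: the validated token is one argv element in a list that is
    passed to the process directly (no shell), so metacharacters are inert
    even if validation were ever loosened."""
    return ["php-config-tool", "--php", validate_php_selection(php_selection)]


def handle_php_selection(form: dict) -> dict:
    """Constructed request handler: returns a structured result instead of
    executing anything, so the decision logic can be tested offline."""
    raw = form.get("phpSelection", "")
    try:
        argv = safe_build_argv(raw)
    except ValueError as exc:
        return {"status": "rejected", "reason": str(exc)}
    return {"status": "accepted", "argv": argv}


def run_validated(php_selection: str) -> subprocess.CompletedProcess:
    """How the hardened argv would be executed in a real handler: list form,
    shell=False, so no shell parsing happens at all."""
    return subprocess.run(safe_build_argv(php_selection), shell=False,
                          capture_output=True, text=True, check=False)


if __name__ == "__main__":
    # Constructed sample request values; the second carries a metacharacter.
    for candidate in ["PHP 8.1", "PHP 8.1 && true", "PHP 5.6"]:
        print(candidate, "->", handle_php_selection({"phpSelection": candidate}))
    # For contrast, show how the unsafe builder leaves the input intact.
    print(vulnerable_build_command("PHP 8.1 && true"))
```

The allowlist makes the metacharacter check redundant for correctness, but keeping both gives two independent layers: the regex produces a specific "shell metacharacters" rejection that is worth logging as a probable exploitation attempt, while the argv-list execution means a bypass of either check still cannot reach a shell.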

References