Metrics
Affected Vendors & Products
Fri, 06 Dec 2024 18:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-78 |
Thu, 05 Dec 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
kev
|
Wed, 04 Dec 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
kev
|
Wed, 04 Dec 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
kev
|
Wed, 04 Dec 2024 16:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-77 |
Wed, 04 Dec 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-276 | |
Metrics |
ssvc
|
ssvc
|
Tue, 03 Dec 2024 19:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-276 |
Tue, 03 Dec 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-77 | |
Metrics |
ssvc
|
ssvc
|
Wed, 30 Oct 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Cyberpanel
Cyberpanel cyberpanel |
|
Weaknesses | CWE-276 | |
CPEs | cpe:2.3:a:cyberpanel:cyberpanel:*:*:*:*:*:*:*:* | |
Vendors & Products |
Cyberpanel
Cyberpanel cyberpanel |
|
Metrics |
ssvc
|
Tue, 29 Oct 2024 23:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | getresetstatus in dns/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /ftp/getresetstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. Versions through 2.3.6 and (unpatched) 2.3.7 are affected. | getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or /ftp/getresetstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. Versions through 2.3.6 and (unpatched) 2.3.7 are affected. |
Tue, 29 Oct 2024 23:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | getresetstatus in dns/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /ftp/getresetstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. Versions through 2.3.6 and (unpatched) 2.3.7 are affected. | |
References |
|
|
Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: mitre
Published: 2024-10-29T00:00:00
Updated: 2024-12-06T04:55:26.891Z
Reserved: 2024-10-28T00:00:00
Link: CVE-2024-51378
Updated: 2024-10-30T14:20:39.348Z
Status : Analyzed
Published: 2024-10-29T23:15:04.083
Modified: 2024-12-06T18:17:17.377
Link: CVE-2024-51378
No data.