RULE(RULE ID:338527)

Rule General Information
Release Date: 2024-11-13
Rule Name: Cyberpanel upgrademysqlstatus Remote Code Execution Vulnerability (CVE-2024-51567)
Severity:
CVE ID:
Rule Protection Details
Description: Cyberpanel is an open source Web control panel. It provides an user-friendly user interface for managing websites, emails, databases, FTP accounts and more. Cyberpanel is designed to simplify the task of website management and make it easy for non-technical users to manage their online resources. /databases/upgrademysqlstatus endpoint has a remote code execution vulnerability, which allows attackers execute arbitrary command by bypassing secMiddleware. Version 2.3.5 and 2.3.6 are affected by the vulnerability.
Impact: An attacker can execute arbitrary code via a successful exploit in the context of the vulnerable software.
Affected OS: Windows, Linux, Others
Reference: https://cwe.mitre.org/data/definitions/420.html
https://cwe.mitre.org/data/definitions/78.html
https://cyberpanel.net/KnowledgeBase/home/change-logs/
https://cyberpanel.net/blog/detials-and-fix-of-recent-security-issue-and-patch-of-cyberpanel
Solutions
Please contact the software vendor to update the software patch.