## https://sploitus.com/exploit?id=SAINT:018EB6F1FA8689C328DA6C6471E6521A
Added: 11/07/2024
### Background
CyberPanel is a web hosting control panel.
### Problem
A pair of vulnerabilities in the `**upgrademysqlstatus**` web resource could allow a remote attacker to bypass authentication using a PUT request and execute arbitrary commands with a specially crafted `**statusfile**` parameter.
### Resolution
Upgrade to the latest version of CyberPanel.
### References
https://dreyand.rs/code/review/2024/10/27/what-are-my-options-cyberpanel-v236-pre-auth-rce
https://cyberpanel.net/blog/detials-and-fix-of-recent-security-issue-and-patch-of-cyberpanel
### Platforms
Linux