Share
## https://sploitus.com/exploit?id=SAINT:018EB6F1FA8689C328DA6C6471E6521A
Added: 11/07/2024  


### Background

CyberPanel is a web hosting control panel. 

### Problem

A pair of vulnerabilities in the `**upgrademysqlstatus**` web resource could allow a remote attacker to bypass authentication using a PUT request and execute arbitrary commands with a specially crafted `**statusfile**` parameter. 

### Resolution

Upgrade to the latest version of CyberPanel. 

### References

https://dreyand.rs/code/review/2024/10/27/what-are-my-options-cyberpanel-v236-pre-auth-rce   
https://cyberpanel.net/blog/detials-and-fix-of-recent-security-issue-and-patch-of-cyberpanel   


### Platforms

Linux