Описание
CyberPanel (aka Cyber Panel) before 2.3.5 allows Command Injection via completePath in the ProcessUtilities.outputExecutioner() sink. There is /filemanager/upload (aka File Manager upload) unauthenticated remote code execution via shell metacharacters.
Ссылки
- Product
- Release Notes
- Release Notes
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.3.5 (исключая)
cpe:2.3:a:cyberpanel:cyberpanel:*:*:*:*:*:*:*:*
EPSS
Процентиль: 100%
0.92351
Критический
10 Critical
CVSS3
9.8 Critical
CVSS3
Дефекты
CWE-78
Связанные уязвимости
CVSS3: 10
github
больше 1 года назад
CyberPanel (aka Cyber Panel) before 2.3.5 allows Command Injection via completePath in the ProcessUtilities.outputExecutioner() sink. There is /filemanager/upload (aka File Manager upload) unauthenticated remote code execution via shell metacharacters.
EPSS
Процентиль: 100%
0.92351
Критический
10 Critical
CVSS3
9.8 Critical
CVSS3
Дефекты
CWE-78