Vulnerabilities > Cyberpanel

DATE	CVE	VULNERABILITY TITLE	RISK
2024-10-29	CVE-2024-51567	Missing Authentication for Critical Function vulnerability in Cyberpanel upgrademysqlstatus in databases/views.py in CyberPanel (aka Cyber Panel) before 5b08cd6 allows remote attackers to bypass authentication and execute arbitrary commands via /dataBases/upgrademysqlstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. network low complexity cyberpanel CWE-306 critical	9.8
2019-07-02	CVE-2019-13056	Cross-Site Request Forgery (CSRF) vulnerability in Cyberpanel An issue was discovered in CyberPanel through 1.8.4. network cyberpanel CWE-352	6.8

Vulnerabilities > Cyberpanel {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Cyberpanel"}]}