CVE-2024-51378.zip
126.1 KB
CVE-2024-51378
Author: rimbadirgantara
getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or /ftp/getresetstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. Versions through 2.3.6 and (unpatched) 2.3.7 are affected.
GitHub Link:
https://github.com/rimbadirgantara/CVE-2024-51378
Author: rimbadirgantara
getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or /ftp/getresetstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. Versions through 2.3.6 and (unpatched) 2.3.7 are affected.
GitHub Link:
https://github.com/rimbadirgantara/CVE-2024-51378
CVE-2023-35813.zip
5.8 KB
CVE-2023-35813
Author: her3ticAVI
Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3.
GitHub Link:
https://github.com/her3ticAVI/CVE-2023-35813
Author: her3ticAVI
Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3.
GitHub Link:
https://github.com/her3ticAVI/CVE-2023-35813