CVE-2024-53376: CyberPanel Flaw Exposes Systems to Full Compromise, PoC Published
Security researcher Thanatos has uncovered a critical vulnerability (CVE-2024-53376) in CyberPanel, a popular web hosting control panel, that could allow attackers to completely compromise servers. Versions of CyberPanel prior to 2.3.8 are vulnerable to this security flaw, which enables authenticated users to inject and execute operating system (OS) commands.
The vulnerability resides in the /websites/submitWebsiteCreation endpoint and can be triggered with a simple HTTP OPTIONS request, which lets an attacker bypass the endpoint's security checks and reach the server's underlying operating system.
Security researcher Thanatos tested the exploit on CyberPanel version 2.3.7, demonstrating the ability to execute commands that write files with root permissions anywhere on the system. If the installation folder of CyberPanel is accessible, attackers can further extract sensitive data, exacerbating the severity of the breach.
A Proof-of-Concept (PoC) for CVE-2024-53376 has been published on GitHub, showcasing the exploit’s simplicity and its devastating potential. The PoC highlights how attackers can use crafted HTTP OPTIONS requests to fully compromise a system.
The implications of CVE-2024-53376 are severe. Successful exploitation could lead to:
- Root-Level Access: The ability to execute commands with root permissions, granting attackers complete control over the affected server.
- Data Exfiltration: If the CyberPanel installation folder is accessible, sensitive data can be extracted directly via the web panel.
- Infrastructure Compromise: Web hosting servers running vulnerable versions of CyberPanel may become conduits for further attacks, jeopardizing hosted websites and customer data.
CyberPanel has addressed this vulnerability in version 2.3.8. All users are strongly urged to update their installations to this version or later immediately.
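For defenders, the two facts the advisory gives (the affected endpoint reached via OPTIONS, and 2.3.8 as the fixed release) are enough to build a simple triage script. The example below is added here and is not the researcher's PoC or CyberPanel code: it flags non-POST requests to /websites/submitWebsiteCreation in combined-format web server access logs and compares an installed version string against 2.3.8. The log lines are constructed, and the combined log format is assumed.

```python
import re
from typing import Dict, List

# Constructed access-log lines in Apache/nginx "combined" format (sample data, not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Dec/2024:10:01:02 +0000] "POST /websites/submitWebsiteCreation HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Dec/2024:10:03:44 +0000] "OPTIONS /websites/submitWebsiteCreation HTTP/1.1" 200 97 "-" "python-requests/2.31"
198.51.100.2 - - [10/Dec/2024:10:04:10 +0000] "GET /base/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Minimal combined-log parser: client IP, timestamp, method, path and status are all we need.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

SENSITIVE_PATH = "/websites/submitWebsiteCreation"  # endpoint named in the advisory
FIXED_VERSION = (2, 3, 8)                            # first release with the fix


def parse_line(line: str) -> Dict[str, str]:
    m = LOG_RE.match(line)
    return m.groupdict() if m else {}


def suspicious_requests(log_text: str) -> List[Dict[str, str]]:
    """Return entries where the website-creation endpoint is hit with a method other than POST.

    The endpoint exists to receive a form submission, so an OPTIONS request to it
    (the pattern described in the advisory) is worth an alert; other non-POST verbs are
    flagged for the same reason."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and entry["path"].split("?")[0] == SENSITIVE_PATH and entry["method"] != "POST":
            hits.append(entry)
    return hits


def is_vulnerable(version: str) -> bool:
    """True when a CyberPanel version string is older than 2.3.8 (the fixed release)."""
    parts = tuple(int(p) for p in version.strip().split("."))
    parts = parts + (0,) * (3 - len(parts))  # treat "2.3" as 2.3.0
    return parts[:3] < FIXED_VERSION


if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(f"ALERT {hit['ip']} {hit['method']} {hit['path']} at {hit['ts']}")
    print("2.3.7 vulnerable:", is_vulnerable("2.3.7"))
```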