Posts
[7] CyberPanel - Broken Authentication and Local File Inclusion (LFI) in '/api/FetchRemoteTransferStatus' endpoint
In CyberPanel versions between 1.7 (possibly earlier) and 2.3.4, the FetchRemoteTransferStatus() function used in 'Remote Backups' is missing sufficient authentication controls and is vulnerable to LFI.
[6] CyberPanel - Insecure Generation and Storage of API tokens
In CyberPanel versions between 1.8.7 and 2.3.4, the user API tokens are insecurely generated using the Base64 transform of the plaintext username and password credentials.
[5] CyberPanel - Bypass of Security Controls in `commandInjectionCheck()`
In CyberPanel versions from 1.9.4 through 2.3.4, the security controls implemented in the commandInjectionCheck() function were missing checks for specific forbidden special characters, resulting in command injection.
[4] CyberPanel - Security Middleware Bypass
In CyberPanel versions 2.1.1 through 2.3.4, the Security Middleware mechanism makes security decisions based on an incorrect order of analysis and an incomplete set of forbidden special characters.
[3] CyberPanel - Authentication Bypass in File Manager's Upload Functionality
In CyberPanel versions between 2.3.1 and 2.3.4, the File Manager's Upload functionality is susceptible to an authentication bypass vulnerability.
[2] CyberPanel - Authentication Bypass and Local File Inclusion (LFI) in CloudAPI
In CyberPanel versions between 1.8.7 and 2.3.4, the CloudAPI statusFunc() function is not protected by an authentication mechanism, and is susceptible to a Local File Inclusion (LFI) vulnerability.
[1] CyberPanel - WebTerminal Authentication Bypass
In CyberPanel versions between 1.9.2 and 2.1.1, the WebTerminal functionality is susceptible to an authentication bypass vulnerability. Unauthenticated attackers could exploit this vulnerability to gain root shell access on the underlying CyberPanel host. With these elevated privileges, an attacker could achieve complete control over the data, user accounts, and websites in the compromised CyberPanel instance.
Multiple Vulnerabilities in CyberPanel
In this post I write briefly about the discovery of multiple security vulnerabilities in CyberPanel. Further details on each of the findings are provided separately in dedicated posts.