PT-2024-10166 · Unknown · Cyberpanel

Published: 2024-12-16 · Updated: 2025-09-05 · CVE-2024-56112

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

CyberPanel versions before f0cf648

Description

The issue is related to a lack of protection for the web page structure in the CyberPanel web hosting control panel. A remote attacker can exploit this to conduct cross-site scripting attacks. The vulnerability can be exploited via the token or username passed to the "plogical/phpmyadminsignin.php" endpoint.

Recommendations

For versions before f0cf648, update to a version after f0cf648 to resolve the issue. As a temporary workaround, consider restricting access to the "plogical/phpmyadminsignin.php" endpoint to minimize the risk of exploitation. Avoid using the token or username variables in this endpoint until the issue is resolved.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2025-00493
CVE-2024-56112

Affected Products

Cyberpanel