PT-2024-9697 · Unknown · Cyberpanel

Thottysploity · Published 2024-10-30 · Updated 2025-09-05 · CVE-2024-53376

CVSS v2.0: 9.0 High

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

CyberPanel versions prior to 2.3.8

Description

The issue exists due to the lack of measures to neutralize special elements, allowing a remote attacker to execute arbitrary commands using a specially crafted HTTP OPTIONS request. This can be achieved by placing shell metacharacters in the phpSelection field sent to the "websites/submitWebsiteCreation" URI. It is estimated that over 870,000 services are potentially affected.

Recommendations

For versions prior to 2.3.8, update to version 2.3.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the phpSelection field in the "websites/submitWebsiteCreation" URI until a patch is available. Avoid using the phpSelection field in the affected API endpoint until the issue is resolved.
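
One way to apply the temporary workaround in front of an unpatched instance, as an added example (not CyberPanel's code and not the vendor's fix): a request check that refuses non-POST methods on the affected URI and accepts phpSelection only when it matches an allowlist. The JSON body, the "PHP 8.1" value format and the sample requests are assumptions constructed for illustration.

```python
import json
import re

# Assumptions (not from the advisory): the endpoint takes a JSON body via
# POST, and legitimate phpSelection values look like "PHP 8.1".
TARGET_PATH = "/websites/submitWebsiteCreation"
PHP_SELECTION_RE = re.compile(r"PHP \d{1,2}\.\d{1,2}")
# Characters a shell treats specially; used only to explain a rejection.
SHELL_META = set(";|&$`<>(){}\\'\"\n\r*?!#~")


def inspect_request(method, path, body):
    """Return (allowed, reason) for one HTTP request to the panel."""
    if path.split("?", 1)[0].rstrip("/") != TARGET_PATH:
        return True, "not the affected endpoint"
    if method.upper() != "POST":
        # The advisory describes delivery through an OPTIONS request.
        return False, f"unexpected method {method} on affected endpoint"
    try:
        data = json.loads(body or b"{}")
    except ValueError:  # covers JSON and byte-decoding errors
        return False, "unparseable body"
    if not isinstance(data, dict):
        return False, "body is not a JSON object"
    value = data.get("phpSelection")
    if not isinstance(value, str):
        return False, "phpSelection missing or not a string"
    if PHP_SELECTION_RE.fullmatch(value):
        return True, "phpSelection matches allowlist"
    bad = sorted(set(value) & SHELL_META)
    if bad:
        return False, f"phpSelection contains shell metacharacters {bad}"
    return False, "phpSelection not in expected format"


# Constructed sample requests (not captured traffic).
SAMPLES = [
    ("POST", TARGET_PATH, b'{"phpSelection": "PHP 8.1"}'),
    ("OPTIONS", TARGET_PATH, b'{"phpSelection": "PHP 8.1"}'),
    ("POST", TARGET_PATH, b'{"phpSelection": "PHP 8.1; id"}'),
    ("GET", "/other/page", b""),
]

if __name__ == "__main__":
    for method, path, body in SAMPLES:
        print(method, path, inspect_request(method, path, body))
```

The allowlist decides the outcome; the metacharacter set only makes the rejection reason readable in logs, so values in an unexpected format are refused even when they contain no listed character.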

Exploit

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2024-11417
CVE-2024-53376

Affected Products

Cyberpanel