CyberPanel RCE Alert: Patch Now or Face Hack-tastrophe!

CyberPanel versions 2.3.5 and 2.3.6 are hilariously vulnerable to unauthenticated remote code execution. If you’re feeling nostalgic for the days of living dangerously, feel free to test this exploit on your next vacation to “Oops-I-Did-It-Again” land. Just remember, patching is the new black. CVE-2024-51378.

1P
Published: April 11, 2025 5:14 amAdded: April 10, 2025 at 10:36 pmAssembled by: The Editor
Pro Dashboard

Hot Take:

Who knew that running an outdated version of CyberPanel could turn your server into the latest hangout spot for hackers? It’s like pulling out the red carpet for a security breach! Looks like the only thing remotely executed here is my patience for anyone who hasn’t patched their software.

Key Points:

  • CyberPanel versions 2.3.5, 2.3.6, and 2.3.7 are vulnerable to unauthenticated Remote Code Execution (RCE).
  • The exploit was discovered by Luka Petrovic and identified as CVE-2024-51378.
  • The vulnerability affects endpoints like “/ftp/getresetstatus” and “/dns/getresetstatus”.
  • This exploit allows attackers to run malicious code without needing to log in.
  • A patch is available; users should update to safeguard their systems.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?