CVE-2024-51567 is a critical vulnerability in CyberPanel, a popular web hosting control panel, specifically in the upgrademysqlstatus function located in databases/views.py. The flaw allows remote attackers to bypass authentication controls by exploiting the /dataBases/upgrademysqlstatus endpoint. The security middleware designed to protect this endpoint only enforces restrictions on POST requests, but the vulnerability enables attackers to bypass this by using other HTTP methods or malformed requests. Furthermore, the statusfile parameter is vulnerable to shell metacharacter injection, allowing arbitrary command execution on the underlying server. This combination results in unauthenticated remote code execution (RCE) with full system privileges. The vulnerability affects CyberPanel versions through 2.3.6 and unpatched 2.3.7. The CVSS 3.1 base score is 10.0, reflecting the ease of exploitation (no authentication, no user interaction), the critical impact on confidentiality, integrity, and availability, and the scope of affected systems. Exploitation was confirmed in the wild in October 2024 by the PSAUX actor, highlighting active threat. No official patches were noted at the time of disclosure, increasing urgency for mitigation.

The impact of CVE-2024-51567 is severe and wide-ranging. Successful exploitation allows attackers to execute arbitrary commands remotely without authentication, effectively granting full control over affected CyberPanel servers. This can lead to complete system compromise, data theft, service disruption, deployment of malware or ransomware, and use of compromised servers for further attacks such as lateral movement or hosting malicious content. Organizations relying on CyberPanel for web hosting or database management face risks including loss of sensitive customer data, defacement of websites, and operational downtime. The vulnerability's critical severity and ease of exploitation make it a prime target for attackers, potentially affecting hosting providers, enterprises, and government agencies using CyberPanel. Given the active exploitation by PSAUX, the threat is immediate and significant.

1. Immediate upgrade to a patched version of CyberPanel once available; monitor official CyberPanel channels for security updates. 2. Until patches are released, restrict access to the /dataBases/upgrademysqlstatus endpoint via network-level controls such as firewalls or web application firewalls (WAFs) to trusted IP addresses only. 3. Implement strict input validation and sanitization on the statusfile parameter to prevent shell metacharacter injection. 4. Employ intrusion detection/prevention systems (IDS/IPS) to monitor and block suspicious requests targeting this endpoint. 5. Review and harden middleware configurations to ensure authentication checks apply to all HTTP methods, not just POST. 6. Conduct thorough audits of CyberPanel installations to identify any signs of compromise or unauthorized command execution. 7. Educate system administrators about this vulnerability and encourage rapid incident response readiness. 8. Consider isolating CyberPanel servers in segmented network zones to limit potential lateral movement.