Cyberpunk.eth
@nftpunketh
This week, security researcher DreyAnd disclosed that CyberPanel 2.3.6 (and likely 2.3.7) suffers from three distinct security problems that can result in an exploit allowing unauthenticated remote root access without authentication. Specifically, the researcher uncovered the following problems on CyberPanel version 2.3.6:

1. Defective authentication: CyberPanel checks for user authentication (login) on each page separately instead of using a central system, leaving certain pages or routes, like ‘upgrademysqlstatus,’ unprotected from unauthorized access.
2. Command injection: User inputs on unprotected pages aren’t properly sanitized, enabling attackers to inject and execute arbitrary system commands.
3. Security filter bypass: The security middleware only filters POST requests, allowing attackers to bypass it using other HTTP methods, like OPTIONS or PUT.
1 reply
0 recast
98 reactions
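The first and third problems in the post above, modelled as an added example that is not part of the original post and is not CyberPanel's code: a filter that inspects only POST bodies and leaves login checks to each view, beside a default-deny version that treats every method the same way. The `Request` class, the `/panel/status` route, the `PUBLIC_ROUTES` allow-list and the metacharacter pattern are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Constructed deny-pattern for shell metacharacters; not CyberPanel's actual list.
SHELL_META = re.compile(r"[;&|`$<>\n]")
# Hypothetical allow-list of routes reachable without a session.
PUBLIC_ROUTES = {"/login"}

@dataclass
class Request:  # hypothetical stand-in for a framework request object
    method: str
    path: str
    body: str = ""
    authenticated: bool = False

def weak_filter(req: Request) -> int:
    """Pattern from the post: only POST bodies are inspected and
    authentication is left to each view, so other methods pass untouched."""
    if req.method == "POST" and SHELL_META.search(req.body):
        return 403
    return 200  # handed to the view, which may or may not check login

def hardened_filter(req: Request) -> int:
    """Corrected form: default-deny authentication in one place, an
    explicit method allow-list, and body inspection for every method."""
    if req.method not in {"GET", "POST"}:
        return 405
    if req.path not in PUBLIC_ROUTES and not req.authenticated:
        return 401
    if SHELL_META.search(req.body):
        return 403
    return 200

def compare(requests):
    """Return (method, path, weak_status, hardened_status) per request."""
    return [(r.method, r.path, weak_filter(r), hardened_filter(r)) for r in requests]

# Constructed sample requests; the body is a harmless marker, not a payload.
SAMPLES = [
    Request("POST", "/panel/status", body="value; marker"),
    Request("PUT", "/panel/status", body="value; marker"),
    Request("OPTIONS", "/panel/status", body="value; marker"),
    Request("POST", "/panel/status", body="value", authenticated=True),
]

if __name__ == "__main__":
    for row in compare(SAMPLES):
        print(row)
```

Input filtering of this kind is defence in depth only; the command injection itself is closed by passing arguments to the process as a list instead of building a shell string.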

Fuhad Ogunyemi
@fuhad01
Wow
0 reply
0 recast
0 reaction