automatic module_metadata_base.json update

adfoster-r7 · Dec 5, 2024 · 22ade4f · 22ade4f
1 parent 8ac7348
commit 22ade4f
Showing 1 changed file with 82 additions and 0 deletions.
diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json
@@ -129294,6 +129294,88 @@
     "session_types": false,
     "needs_cleanup": null
   },
+  "exploit_unix/webapp/cyberpanel_preauth_rce_multi_cve": {
+    "name": "CyberPanel Multi CVE Pre-auth RCE",
+    "fullname": "exploit/unix/webapp/cyberpanel_preauth_rce_multi_cve",
+    "aliases": [
+
+    ],
+    "rank": 600,
+    "disclosure_date": "2024-10-27",
+    "type": "exploit",
+    "author": [
+      "DreyAnd",
+      "Valentin Lobstein",
+      "Luka Petrovic (refr4g)"
+    ],
+    "description": "This module exploits three separate unauthenticated Remote Code Execution vulnerabilities in CyberPanel:\n\n          - CVE-2024-51567: Command injection vulnerability in the \"upgrademysqlstatus\" endpoint.\n          - CVE-2024-51568: Command Injection via the \"completePath\" parameter in the \"outputExecutioner\" sink.\n          - CVE-2024-51378: Unauthenticated RCE in \"/ftp/getresetstatus\" and \"/dns/getresetstatus\".\n\n          These vulnerabilities were exploited in ransomware campaigns affecting over 22,000 CyberPanel instances, with the PSAUX ransomware being the primary actor in these attacks.",
+    "references": [
+      "CVE-2024-51567",
+      "CVE-2024-51568",
+      "CVE-2024-51378",
+      "URL-https://dreyand.rs/code/review/2024/10/27/what-are-my-options-cyberpanel-v236-pre-auth-rce",
+      "URL-https://refr4g.github.io/posts/cyberpanel-command-injection-vulnerability/",
+      "URL-https://github.com/DreyAnd/CyberPanel-RCE",
+      "URL-https://github.com/refr4g/CVE-2024-51378",
+      "URL-https://www.bleepingcomputer.com/news/security/massive-psaux-ransomware-attack-targets-22-000-cyberpanel-instances/",
+      "URL-https://gist.github.com/gboddin/d78823245b518edd54bfc2301c5f8882"
+    ],
+    "platform": "Linux,Unix",
+    "arch": "cmd",
+    "rport": 8090,
+    "autofilter_ports": [
+      80,
+      8080,
+      443,
+      8000,
+      8888,
+      8880,
+      8008,
+      3000,
+      8443
+    ],
+    "autofilter_services": [
+      "http",
+      "https"
+    ],
+    "targets": [
+      "Unix/Linux Command Shell"
+    ],
+    "mod_time": "2024-12-05 16:05:25 +0000",
+    "path": "/modules/exploits/unix/webapp/cyberpanel_preauth_rce_multi_cve.rb",
+    "is_install_path": true,
+    "ref_name": "unix/webapp/cyberpanel_preauth_rce_multi_cve",
+    "check": true,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "Reliability": [
+        "repeatable-session"
+      ],
+      "SideEffects": [
+        "ioc-in-logs"
+      ]
+    },
+    "session_types": false,
+    "needs_cleanup": null,
+    "actions": [
+      {
+        "name": "CVE-2024-51378",
+        "description": "Exploit using CVE-2024-51378"
+      },
+      {
+        "name": "CVE-2024-51567",
+        "description": "Exploit using CVE-2024-51567"
+      },
+      {
+        "name": "CVE-2024-51568",
+        "description": "Exploit using CVE-2024-51568"
+      }
+    ]
+  },
   "exploit_unix/webapp/datalife_preview_exec": {
     "name": "DataLife Engine preview.php PHP Code Injection",
     "fullname": "exploit/unix/webapp/datalife_preview_exec",