Updated document date: October 29, 2024
| Vulnerability | GCyberPanel /dataBases/upgrademysqlstatus Command Execution Vulnerability |
|---|---|
| Chinese name | CyberPanel /dataBases/upgrademysqlstatus 命令执行漏洞 |
| CVSS core | 9.80 |
| FOFA Query (click to view the results directly) | [app="GCyberPanel"] |
| Number of assets affected | 199,633 |
| Description | CyberPanel is an open source web control panel that provides a user-friendly interface for managing websites,emails, databases, FTP accounts, etc. |
| Impact | CyberPanel is designed to simplify website management tasks, allowing non-technical users to easily manage their online resources. The /dataBases/upgrademysqlstatus interface has a command execution vulnerability. Unauthorized attackers can execute arbitrary commands through this interface to obtain server permissions, resulting in serious consequences such as data leakage and server takeover. |
| Affected versions | 2.3.6 |
