CVE-2024-53376

8.8 HIGH

📋 TL;DR

This vulnerability allows remote authenticated users to execute arbitrary commands on CyberPanel servers via shell injection in the phpSelection field during website creation. Attackers with valid credentials can achieve remote code execution. All CyberPanel instances before version 2.3.8 are affected.

💻 Affected Systems

Products:
  • CyberPanel
Versions: All versions before 2.3.8
Operating Systems: Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated user access to the web interface.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full server compromise leading to data theft, lateral movement, ransomware deployment, or complete system takeover.

🟠 Likely Case

Unauthorized command execution leading to web shell installation, data exfiltration, or service disruption.

🟢 If Mitigated

Limited impact if proper network segmentation, least privilege, and monitoring are in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ✅ No
Complexity: LOW

Public exploit script available on GitHub. Requires valid user credentials.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.3.8

Vendor Advisory: https://cyberpanel.net/docs/changelog/

Restart Required: No

Instructions:

1. Back up your CyberPanel configuration.
2. Run: cyberpanel upgrade
3. Verify version with: cyberpanel --version

🔧 Temporary Workarounds

Input Validation Filter

linux

Add input validation to reject shell metacharacters in the phpSelection field.

Modify /usr/local/CyberCP/CyberCP/websiteFunctions.py to sanitize phpSelection input.

Restrict User Privileges

all

Limit authenticated users to minimal necessary permissions.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate CyberPanel from critical systems.
  • Enable detailed logging and monitoring for suspicious command execution patterns.

🔍 How to Verify

Check if Vulnerable:

Check the CyberPanel version: cyberpanel --version. If the version is below 2.3.8, the system is vulnerable.

Check Version:

cyberpanel --version

Verify Fix Applied:

Run: cyberpanel --version. Confirm version is 2.3.8 or higher.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to /websites/submitWebsiteCreation with shell metacharacters in parameters
  • Unexpected command execution in system logs

Network Indicators:

  • Suspicious outbound connections from CyberPanel server to unknown IPs

SIEM Query:

source="cyberpanel.log" AND uri="/websites/submitWebsiteCreation" AND (phpSelection="*;*" OR phpSelection="*|*" OR phpSelection="*`*")
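
An added example (not CyberPanel's code and not part of the original advisory) that serves both the input-validation workaround and the log indicators above: an allow-list check for phpSelection, applied to parsed request records. It flags any value that is not an exact version string, so it does not depend on enumerating individual metacharacters as the SIEM query does. The "PHP <major>.<minor>" value format, the JSON field names and the sample records are assumptions constructed for illustration.

```python
import json
import re

# Assumption: legitimate phpSelection values look like "PHP 8.1"; adjust the
# pattern to the versions your installation actually offers.
PHP_SELECTION_RE = re.compile(r"PHP \d{1,2}\.\d{1,2}")
TARGET_URI = "/websites/submitWebsiteCreation"


def is_valid_php_selection(value):
    """Allow-list check: accept only an exact 'PHP <major>.<minor>' string."""
    return isinstance(value, str) and PHP_SELECTION_RE.fullmatch(value) is not None


def find_suspicious(records):
    """Return POSTs to the website-creation endpoint whose phpSelection
    value falls outside the allow-list."""
    hits = []
    for rec in records:
        if rec.get("method") != "POST" or rec.get("uri") != TARGET_URI:
            continue
        if not is_valid_php_selection(rec.get("phpSelection")):
            hits.append(rec)
    return hits


def load_records(text):
    """Parse one JSON object per non-empty line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


# Constructed sample records (JSON lines). The field names are hypothetical
# and depend on how your log pipeline parses request bodies.
SAMPLE_LOG = """\
{"src": "198.51.100.7", "method": "POST", "uri": "/websites/submitWebsiteCreation", "phpSelection": "PHP 8.1"}
{"src": "198.51.100.9", "method": "POST", "uri": "/websites/submitWebsiteCreation", "phpSelection": "PHP 8.1; id"}
{"src": "198.51.100.9", "method": "POST", "uri": "/websites/submitWebsiteCreation", "phpSelection": "PHP 8.1$(id)"}
{"src": "198.51.100.9", "method": "POST", "uri": "/websites/submitWebsiteCreation", "phpSelection": "PHP 8.1\\nid"}
{"src": "198.51.100.7", "method": "GET", "uri": "/websites/listWebsites", "phpSelection": null}
"""

if __name__ == "__main__":
    for hit in find_suspicious(load_records(SAMPLE_LOG)):
        print(hit["src"], repr(hit["phpSelection"]))
```

The same `is_valid_php_selection` check can be used server-side to reject a request before the value reaches any command line.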
