CyberPanel also added that it reviewed the findings and released a security patch “within 30 minutes”, and that the patch was delivered through regular updates.
Zero-day allowing server takeover
In a security announcement, CyberPanel said it had already shipped patches through regular updates after the bugs were reported. However, because the patches were delivered privately, it is understandable that many devices remain unpatched and exposed to what is now an N-day vulnerability.
Cybersecurity researcher DreyAnd, who is credited with discovering the vulnerability, first went public on October 27, sharing a proof of concept (PoC) for the flaws. The demonstration includes missing authentication, command injection, and a security-filter bypass, resulting in full server takeover through remote code execution (RCE).