From cf26b15dbf679ce306bf0bd86ad01a57d0d5b589 Mon Sep 17 00:00:00 2001 From: Goby <50955360+gobysec@users.noreply.github.com> Date: Tue, 29 Oct 2024 15:13:58 +0800 Subject: [PATCH] Create CyberPanel upgrademysqlstatus Command Execution Vulnerability.md --- ...emysqlstatus Command Execution Vulnerability.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 CyberPanel upgrademysqlstatus Command Execution Vulnerability.md diff --git a/CyberPanel upgrademysqlstatus Command Execution Vulnerability.md b/CyberPanel upgrademysqlstatus Command Execution Vulnerability.md new file mode 100644 index 0000000..ff2b6fc --- /dev/null +++ b/CyberPanel upgrademysqlstatus Command Execution Vulnerability.md @@ -0,0 +1,14 @@ +**Updated document date: October 29, 2024** + +## CyberPanel /dataBases/upgrademysqlstatus Command Execution Vulnerability +| **Vulnerability** | GCyberPanel /dataBases/upgrademysqlstatus Command Execution Vulnerability| +| :----: | :-----| +| **Chinese name** | CyberPanel /dataBases/upgrademysqlstatus 命令执行漏洞 | +| **CVSS core** | 9.80 | +| **FOFA Query** (click to view the results directly)| [app="GCyberPanel"] +| **Number of assets affected** | 199,633 | +| **Description** |CyberPanel is an open source web control panel that provides a user-friendly interface for managing websites,emails, databases, FTP accounts, etc. | +| **Impact** | CyberPanel is designed to simplify website management tasks, allowing non-technical users to easily manage their online resources. The /dataBases/upgrademysqlstatus interface has a command execution vulnerability. Unauthorized attackers can execute arbitrary commands through this interface to obtain server permissions, resulting in serious consequences such as data leakage and server takeover. +| **Affected versions** |2.3.6 + +![](https://s3.bmp.ovh/imgs/2024/10/29/055e7294b806f1cc.gif)
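
Review bot: The table added in the new file is malformed in several rows: the `**FOFA Query**`, `**Impact**` and `**Affected versions**` rows have no closing `|`, and the FOFA cell `[app="GCyberPanel"]` is a bare bracket with no link target even though the row label says "click to view the results directly". The first row names the product "GCyberPanel" while the heading and the Description and Impact cells say "CyberPanel"; if the leading "G" is only part of the FOFA fingerprint, it should not appear in the vulnerability name. "CVSS core" reads like a typo for "CVSS score", and the first sentence of the Impact cell is product description that belongs in the Description row. For readers who have to act on this entry, the document gives `2.3.6` as the only affected version without saying whether earlier releases are affected, and it lists no fixed version, advisory identifier or mitigation; add those, or state explicitly that they are unknown as of the document date.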