Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.7
CVE-2021-47949: CyberPanel 2.1 allows attackers to read files and execute code
CVE-2021-47949
Summary
CyberPanel, a web hosting control panel, has a security flaw that lets attackers with a login access to sensitive information and run malicious code on the server. This could lead to unauthorized access to data and system compromise. Update to the latest version to fix this issue.
Original title
CyberPanel 2.1 contains a command execution vulnerability that allows authenticated attackers to read arbitrary files and execute remote code by exploiting symlink attacks through the filemanager c...
Original description
CyberPanel 2.1 contains a command execution vulnerability that allows authenticated attackers to read arbitrary files and execute remote code by exploiting symlink attacks through the filemanager controller endpoint. Attackers can manipulate the completeStartingPath parameter in POST requests to /filemanager/controller to create symbolic links, read sensitive files like database credentials, and execute arbitrary shell commands through the /websites/fetchFolderDetails endpoint.
nvd CVSS3.1
8.8
nvd CVSS4.0
8.7
Vulnerability type
CWE-59
Link Following
Published: 10 May 2026 · Updated: 28 May 2026 · First seen: 10 May 2026