HIGH
Cyberpanel
CVE published 2026-05-10
CVE-2021-47949
CVE-2021-47949 describes an authenticated command-execution issue in CyberPanel 2.1 tied to symlink abuse in the filemanager controller. According to the supplied description, an attacker can manipulate the completeStartingPath parameter in POST requests to /filemanager/controller to create symbolic links, read sensitive files such as database credentials, and then reach remote code execution through /web [truncated]