Vendor
CyberPanel version 2.1 is vulnerable to command execution (CVE-2021-47949) where an authenticated attacker can exploit symlink attacks via the filemanager controller endpoint by manipulating the completeStartingPath parameter in POST requests, leading to sensitive file access and arbitrary shell command execution.