CVE-2024-39907

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-39907
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-39907.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-39907
Aliases
Related
Published
2024-07-18T16:15:07Z
Modified
2025-02-18T19:52:41Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

1Panel is a web-based Linux server management control panel. The project contains many SQL injections, some of which are not well filtered, leading to arbitrary file writes and ultimately to remote code execution (RCE). These SQL injections have been resolved in version 1.10.12-tls. Users are advised to upgrade. There are no known workarounds for these issues.

References

Affected packages

Git / github.com/1panel-dev/1panel

Affected ranges

Type
GIT
Repo
https://github.com/1panel-dev/1panel
Events