CVE-2024-39907 (GCVE-0-2024-39907)
Vulnerability from cvelistv5 – Published: 2024-07-18 15:31 – Updated: 2024-08-02 04:33
VLAI?
Summary
1Panel is a web-based linux server management control panel. There are many sql injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. These sql injections have been resolved in version 1.10.12-tls. Users are advised to upgrade. There are no known workarounds for these issues.
Severity ?
9.8 (Critical)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| 1Panel-dev | 1Panel |
Affected:
>= 1.10.9-tls, < 1.10.12-tls
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fit2cloud:1panel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "1panel",
"vendor": "fit2cloud",
"versions": [
{
"lessThan": "1.10.12-lts",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39907",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-18T19:36:35.882647Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-22T13:02:34.659Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:33:11.402Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-5grx-v727-qmq6",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-5grx-v727-qmq6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "1Panel",
"vendor": "1Panel-dev",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.10.9-tls, \u003c 1.10.12-tls"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "1Panel is a web-based linux server management control panel. There are many sql injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. These sql injections have been resolved in version 1.10.12-tls. Users are advised to upgrade. There are no known workarounds for these issues."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-18T15:31:30.892Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-5grx-v727-qmq6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-5grx-v727-qmq6"
}
],
"source": {
"advisory": "GHSA-5grx-v727-qmq6",
"discovery": "UNKNOWN"
},
"title": "a sqlinjection in 1Panel "
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-39907",
"datePublished": "2024-07-18T15:31:30.892Z",
"dateReserved": "2024-07-02T19:37:18.600Z",
"dateUpdated": "2024-08-02T04:33:11.402Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fit2cloud:1panel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.10.9-lts\", \"versionEndExcluding\": \"1.10.12-lts\", \"matchCriteriaId\": \"4985775A-3A3F-4416-A9E4-356E21E034A4\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"1Panel is a web-based linux server management control panel. There are many sql injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. These sql injections have been resolved in version 1.10.12-tls. Users are advised to upgrade. There are no known workarounds for these issues.\"}, {\"lang\": \"es\", \"value\": \"1Panel es un panel de control de gesti\\u00f3n de servidores Linux basado en web. Hay muchas inyecciones de SQL en el proyecto y algunas de ellas no est\\u00e1n bien filtradas, lo que provoca escrituras de archivos arbitrarias y, en \\u00faltima instancia, conduce a RCE. Estas inyecciones de SQL se resolvieron en la versi\\u00f3n 1.10.12-tls. Se recomienda a los usuarios que actualicen. No se conocen workarounds para estos problemas.\"}]",
"id": "CVE-2024-39907",
"lastModified": "2024-11-21T09:28:32.600",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}",
"published": "2024-07-18T16:15:07.293",
"references": "[{\"url\": \"https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-5grx-v727-qmq6\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-5grx-v727-qmq6\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]",
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-89\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-89\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-39907\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-07-18T16:15:07.293\",\"lastModified\":\"2024-11-21T09:28:32.600\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"1Panel is a web-based linux server management control panel. There are many sql injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. These sql injections have been resolved in version 1.10.12-tls. Users are advised to upgrade. There are no known workarounds for these issues.\"},{\"lang\":\"es\",\"value\":\"1Panel es un panel de control de gesti\u00f3n de servidores Linux basado en web. Hay muchas inyecciones de SQL en el proyecto y algunas de ellas no est\u00e1n bien filtradas, lo que provoca escrituras de archivos arbitrarias y, en \u00faltima instancia, conduce a RCE. Estas inyecciones de SQL se resolvieron en la versi\u00f3n 1.10.12-tls. Se recomienda a los usuarios que actualicen. No se conocen workarounds para estos problemas.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fit2cloud:1panel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.10.9-lts\",\"versionEndExcluding\":\"1.10.12-lts\",\"matchCriteriaId\":\"4985775A-3A3F-4416-A9E4-356E21E034A4\"}]}]}],\"references\":[{\"url\":\"https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-5grx-v727-qmq6\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-5grx-v727-qmq6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-5grx-v727-qmq6\", \"name\": \"https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-5grx-v727-qmq6\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T04:33:11.402Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-39907\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-18T19:36:35.882647Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:fit2cloud:1panel:*:*:*:*:*:*:*:*\"], \"vendor\": \"fit2cloud\", \"product\": \"1panel\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.10.12-lts\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-18T19:40:31.136Z\"}}], \"cna\": {\"title\": \"a sqlinjection in 1Panel \", \"source\": {\"advisory\": \"GHSA-5grx-v727-qmq6\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"1Panel-dev\", \"product\": \"1Panel\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 1.10.9-tls, \u003c 1.10.12-tls\"}]}], \"references\": [{\"url\": \"https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-5grx-v727-qmq6\", \"name\": \"https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-5grx-v727-qmq6\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"1Panel is a web-based linux server management control panel. There are many sql injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. These sql injections have been resolved in version 1.10.12-tls. Users are advised to upgrade. There are no known workarounds for these issues.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-89\", \"description\": \"CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-07-18T15:31:30.892Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-39907\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-02T04:33:11.402Z\", \"dateReserved\": \"2024-07-02T19:37:18.600Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-07-18T15:31:30.892Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
GHSA-5GRX-V727-QMQ6
Vulnerability from github – Published: 2024-07-18 14:25 – Updated: 2024-07-24 13:49
VLAI?
Summary
1Panel has an SQL injection issue related to the orderBy clause
Details
Summary
There are many sql injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. The proof is as follows
Details (one of them )
PoC
curl 'http://api:30455/api/v1/hosts/command/search' {"page":1,"pageSize":10,"groupID":0,"orderBy":"3","order":"ascending","name":"a"}
for example as picture . just change orderby‘s num we can know How many columns does the data table have.Parameters require strict whitelist filtering
Impact
RCE、data leak.
Severity ?
9.8 (Critical)
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/1Panel-dev/1Panel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.10.12-tls"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-39907"
],
"database_specific": {
"cwe_ids": [
"CWE-89"
],
"github_reviewed": true,
"github_reviewed_at": "2024-07-18T14:25:00Z",
"nvd_published_at": "2024-07-18T16:15:07Z",
"severity": "CRITICAL"
},
"details": "### Summary\nThere are many sql injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs.\nThe proof is as follows\n\n### Details \uff08one of them \uff09\n\u003cimg width=\"697\" alt=\"image\" src=\"https://github.com/1Panel-dev/1Panel/assets/129351704/895b7b43-9bc0-44b3-9c84-24c2dcc962da\"\u003e\n\u003cimg width=\"936\" alt=\"image\" src=\"https://github.com/1Panel-dev/1Panel/assets/129351704/1b8eb866-9865-4bef-a359-53335d709157\"\u003e\n\u003cimg width=\"684\" alt=\"image\" src=\"https://github.com/1Panel-dev/1Panel/assets/129351704/e865d6d0-7ecb-49f7-b4a2-f1b0bc407986\"\u003e\n\n\n### PoC\ncurl \u0027http://api:30455/api/v1/hosts/command/search\u0027 {\"page\":1,\"pageSize\":10,\"groupID\":0,\"orderBy\":\"**3**\",\"order\":\"ascending\",\"name\":\"a\"}\n\u003cimg width=\"664\" alt=\"image\" src=\"https://github.com/1Panel-dev/1Panel/assets/129351704/250d5a2a-cb32-44dc-9831-86dbc2f2b43f\"\u003e\nfor example as picture . just change orderby\u2018s num we can know How many columns does the data table have.Parameters require strict whitelist filtering\n\n### Impact\nRCE\u3001data leak.\n",
"id": "GHSA-5grx-v727-qmq6",
"modified": "2024-07-24T13:49:36Z",
"published": "2024-07-18T14:25:00Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-5grx-v727-qmq6"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39907"
},
{
"type": "WEB",
"url": "https://github.com/1Panel-dev/1Panel/commit/ff549a47937c1314e6ee08453a1d2128242440cd"
},
{
"type": "PACKAGE",
"url": "https://github.com/1Panel-dev/1Panel"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "1Panel has an SQL injection issue related to the orderBy clause"
}
CNVD-2024-33554
Vulnerability from cnvd - Published: 2024-07-24
VLAI Severity ?
Title
1Panel SQL注入漏洞
Description
1Panel是杭州飞致云信息科技有限公司推出的产品,是一款现代化、开源的Linux服务器运维管理面板。
1Panel存在SQL注入漏洞,该漏洞是由于存在1Panel多处过滤不当,攻击者可利用该漏洞登录后利用SQL注入导致敏感信息泄露。
Severity
高
Patch Name
1Panel SQL注入漏洞的补丁
Patch Description
1Panel是杭州飞致云信息科技有限公司推出的产品,是一款现代化、开源的Linux服务器运维管理面板。
1Panel存在SQL注入漏洞,该漏洞是由于存在1Panel多处过滤不当,攻击者可利用该漏洞登录后利用SQL注入导致敏感信息泄露。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://blog.mo60.cn/index.php/archives/1Panel_SQLinjection2Rce.html
Reference
https://nvd.nist.gov/vuln/detail/CVE-2024-39907
Impacted products
| Name | 杭州飞致云信息科技有限公司 1Panel <1.10.12-tls |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2024-39907"
}
},
"description": "1Panel\u662f\u676d\u5dde\u98de\u81f4\u4e91\u4fe1\u606f\u79d1\u6280\u6709\u9650\u516c\u53f8\u63a8\u51fa\u7684\u4ea7\u54c1\uff0c\u662f\u4e00\u6b3e\u73b0\u4ee3\u5316\u3001\u5f00\u6e90\u7684Linux\u670d\u52a1\u5668\u8fd0\u7ef4\u7ba1\u7406\u9762\u677f\u3002\n\n1Panel\u5b58\u5728SQL\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8e\u5b58\u57281Panel\u591a\u5904\u8fc7\u6ee4\u4e0d\u5f53\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u767b\u5f55\u540e\u5229\u7528SQL\u6ce8\u5165\u5bfc\u81f4\u654f\u611f\u4fe1\u606f\u6cc4\u9732\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://blog.mo60.cn/index.php/archives/1Panel_SQLinjection2Rce.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2024-33554",
"openTime": "2024-07-24",
"patchDescription": "1Panel\u662f\u676d\u5dde\u98de\u81f4\u4e91\u4fe1\u606f\u79d1\u6280\u6709\u9650\u516c\u53f8\u63a8\u51fa\u7684\u4ea7\u54c1\uff0c\u662f\u4e00\u6b3e\u73b0\u4ee3\u5316\u3001\u5f00\u6e90\u7684Linux\u670d\u52a1\u5668\u8fd0\u7ef4\u7ba1\u7406\u9762\u677f\u3002\r\n\r\n1Panel\u5b58\u5728SQL\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8e\u5b58\u57281Panel\u591a\u5904\u8fc7\u6ee4\u4e0d\u5f53\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u767b\u5f55\u540e\u5229\u7528SQL\u6ce8\u5165\u5bfc\u81f4\u654f\u611f\u4fe1\u606f\u6cc4\u9732\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "1Panel SQL\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "\u676d\u5dde\u98de\u81f4\u4e91\u4fe1\u606f\u79d1\u6280\u6709\u9650\u516c\u53f8 1Panel \u003c1.10.12-tls"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2024-39907",
"serverity": "\u9ad8",
"submitTime": "2024-07-24",
"title": "1Panel SQL\u6ce8\u5165\u6f0f\u6d1e"
}
FKIE_CVE-2024-39907
Vulnerability from fkie_nvd - Published: 2024-07-18 16:15 - Updated: 2024-11-21 09:28
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
1Panel is a web-based linux server management control panel. There are many sql injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. These sql injections have been resolved in version 1.10.12-tls. Users are advised to upgrade. There are no known workarounds for these issues.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-5grx-v727-qmq6 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-5grx-v727-qmq6 | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fit2cloud:1panel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4985775A-3A3F-4416-A9E4-356E21E034A4",
"versionEndExcluding": "1.10.12-lts",
"versionStartIncluding": "1.10.9-lts",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "1Panel is a web-based linux server management control panel. There are many sql injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. These sql injections have been resolved in version 1.10.12-tls. Users are advised to upgrade. There are no known workarounds for these issues."
},
{
"lang": "es",
"value": "1Panel es un panel de control de gesti\u00f3n de servidores Linux basado en web. Hay muchas inyecciones de SQL en el proyecto y algunas de ellas no est\u00e1n bien filtradas, lo que provoca escrituras de archivos arbitrarias y, en \u00faltima instancia, conduce a RCE. Estas inyecciones de SQL se resolvieron en la versi\u00f3n 1.10.12-tls. Se recomienda a los usuarios que actualicen. No se conocen workarounds para estos problemas."
}
],
"id": "CVE-2024-39907",
"lastModified": "2024-11-21T09:28:32.600",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-07-18T16:15:07.293",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-5grx-v727-qmq6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-5grx-v727-qmq6"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…