CVE-2024-39907

{"id": "CVE-2024-39907", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-07-18T16:15:07.293", "references": [{"url": "https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-5grx-v727-qmq6", "source": "security-advisories@github.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "1Panel is a web-based linux server management control panel. There are many sql injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. These sql injections have been resolved in version 1.10.12-tls. Users are advised to upgrade. There are no known workarounds for these issues."}, {"lang": "es", "value": "1Panel es un panel de control de gesti\u00f3n de servidores Linux basado en web. Hay muchas inyecciones de SQL en el proyecto y algunas de ellas no est\u00e1n bien filtradas, lo que provoca escrituras de archivos arbitrarias y, en \u00faltima instancia, conduce a RCE. Estas inyecciones de SQL se resolvieron en la versi\u00f3n 1.10.12-tls. Se recomienda a los usuarios que actualicen. No se conocen workarounds para estos problemas."}], "lastModified": "2024-07-19T13:01:44.567", "sourceIdentifier": "security-advisories@github.com"}