CVE-2024-39911

1Panel is a web-based linux server management control panel. 1Panel contains an unspecified sql injection via User-Agent handling. This issue has been addressed in version 1.10.12-lts. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS v3 10.0 CRITICAL

10.0^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://blog.mo60.cn/index.php/archives/1Panel_SQLinjection2Rce.html
https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-7m53-pwp6-v3f5

Configurations

No configuration.

History

No history.

Information

Published : 2024-07-18 16:15

Updated : 2024-07-19 13:01

NVD link : CVE-2024-39911

Mitre link : CVE-2024-39911

CVE.ORG link : CVE-2024-39911

JSON object : View

Products Affected

No product.

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

10.0 /10