Lucene search
Https://gitlab.com/gitlab-org/security-products/gemnasium-dbGITLAB-090769349DAD2747102402260D8297CEHistoryJul 18, 2024 - 12:00 a.m.
1Panel has an SQL injection issue related to the orderBy clause
2024-07-1800:00:00
https://gitlab.com/gitlab-org/security-products/gemnasium-db
gitlab.com
9
panel
sql injection
orderby clause
unfiltered injections
arbitrary file writes
rces
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
6.9
Confidence
High
EPSS
0.006
Percentile
79.5%
There are many sql injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs.
The proof is as follows
Affected configurations
Node
go1panelRange<1.10.12-tls
Related
osv
osv
veracode
veracode
SQL Injection
2024-07-22 17:22:25
vulnrichment
vulnrichment
CVE-2024-39907 a sqlinjection in 1Panel
2024-07-18 15:31:30
nuclei
nuclei
1Panel SQL Injection - Authenticated
2024-07-30 09:14:30
cve
cve
CVE-2024-39907
2024-07-18 16:15:07
cvelist
cvelist
CVE-2024-39907 a sqlinjection in 1Panel
2024-07-18 15:31:30
nvd
nvd
CVE-2024-39907
2024-07-18 16:15:07
github
github
1Panel has an SQL injection issue related to the orderBy clause
2024-07-18 14:25:00
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
6.9
Confidence
High
EPSS
0.006
Percentile
79.5%
Related for GITLAB-090769349DAD2747102402260D8297CE