Lucene search

[email protected]NVD:CVE-2024-39907

HistoryJul 18, 2024 - 4:15 p.m.

CVE-2024-39907

2024-07-1816:15:07

CWE-89

[email protected]

web.nvd.nist.gov

panel

web-based

server management

sql injections

resolved

upgrade

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.006

Percentile

79.5%

JSON

1Panel is a web-based linux server management control panel. There are many sql injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. These sql injections have been resolved in version 1.10.12-tls. Users are advised to upgrade. There are no known workarounds for these issues.

Affected configurations

Nvd

Node

fit2cloud1panelRange1.10.9-lts–1.10.12-lts

VendorProductVersionCPE
fit2cloud1panel*cpe:2.3:a:fit2cloud:1panel:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fit2cloud	1panel	*	cpe:2.3:a:fit2cloud:1panel::::::::

References

github.com/1Panel-dev/1Panel/security/advisories/GHSA-5grx-v727-qmq6

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.006

Percentile

79.5%

JSON

Related for NVD:CVE-2024-39907

osv2 gitlab1 vulnrichment1 veracode1 nuclei1 cve1 cvelist1 github1