100 matches found
CVE-2024-39911 1Panel SQL injection
1Panel is a web-based linux server management control panel. 1Panel contains an unspecified sql injection via User-Agent handling. This issue has been addressed in version 1.10.12-lts. Users are advised to upgrade. There are no known workarounds for this vulnerability...
CVE-2024-39911 1Panel SQL injection
1Panel is a web-based linux server management control panel. 1Panel contains an unspecified sql injection via User-Agent handling. This issue has been addressed in version 1.10.12-lts. Users are advised to upgrade. There are no known workarounds for this vulnerability...
CVE-2024-39907 a sqlinjection in 1Panel
1Panel is a web-based linux server management control panel. There are many sql injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. These sql injections have been resolved in version 1.10.12-tls. Users are advised to...
CVE-2024-39907 a sqlinjection in 1Panel
1Panel is a web-based linux server management control panel. There are many sql injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. These sql injections have been resolved in version 1.10.12-tls. Users are advised to...
PT-2024-5240 · 1Panel · 1Panel
Name of the Vulnerable Software and Affected Versions: 1Panel versions prior to 1.10.12-lts Description: The issue is related to an unspecified SQL injection via User-Agent handling in 1Panel, a web-based Linux server management control panel. This could allow a remote attacker to execute arbitra...
GO-2024-2734 1Panel's password verification is suspected to have a timing attack vulnerability in github.com/1Panel-dev/1Panel
1Panel's password verification is suspected to have a timing attack vulnerability in github.com/1Panel-dev/1Panel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive report...
GO-2024-2636 1Panel is vulnerable to command injection in github.com/1Panel-dev/1Panel
1Panel is vulnerable to command injection in github.com/1Panel-dev/1Panel...
GO-2024-2830 Arbitrary file write in github.com/1Panel-dev/1Panel
A maliciously crafted packet can write to an arbitrary file...
GHSA-F8CH-W75V-C847 1Panel arbitrary file write vulnerability
Summary There are many command injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. We can use the following mirror configuration write symbol to achieve arbitrary file writing PoC Dockerfile FROM bash:latest COPY...
CVE-2024-30257 1Panel's password verification is suspected to have a timing attack vulnerability
1Panel is an open source Linux server operation and maintenance management panel. The password verification in the source code uses the != symbol instead hmac.Equal. This may lead to a timing attack vulnerability. This vulnerability is fixed in 1.10.3-lts...
CVE-2024-30257 1Panel's password verification is suspected to have a timing attack vulnerability
1Panel is an open source Linux server operation and maintenance management panel. The password verification in the source code uses the != symbol instead hmac.Equal. This may lead to a timing attack vulnerability. This vulnerability is fixed in 1.10.3-lts...
Command Injection
github.com/1panel-dev/1panel is vulnerable to Command Injection. The vulnerability is caused due to a lack of proper input validation in the "Path" argument, This flaw allows an attacker to manipulate the "Path" and inject arbitrary commands and can potentially lead to Command Injection...
GHSA-X2VG-5WRF-VJ6V 1Panel is vulnerable to command injection
1Panel is vulnerable to command injection. This vulnerability has been classified as critical, has been found in 1Panel up to 1.10.1-lts. Affected by this issue is the function baseApi.UpdateDeviceSwap of the file /api/v1/toolbox/device/update/swap. The manipulation of the argument Path with the...
CVE-2024-2352
A vulnerability, which was classified as critical, has been found in 1Panel up to 1.10.1-lts. Affected by this issue is the function baseApi.UpdateDeviceSwap of the file /api/v1/toolbox/device/update/swap. The manipulation of the argument Path with the input 123123123\nopen -a Calculator leads to...
CVE-2024-2352
A vulnerability, which was classified as critical, has been found in 1Panel up to 1.10.1-lts. Affected by this issue is the function baseApi.UpdateDeviceSwap of the file /api/v1/toolbox/device/update/swap. The manipulation of the argument Path with the input 123123123\nopen -a Calculator leads to...
Command injection
A vulnerability, which was classified as critical, has been found in 1Panel up to 1.10.1-lts. Affected by this issue is the function baseApi.UpdateDeviceSwap of the file /api/v1/toolbox/device/update/swap. The manipulation of the argument Path with the input 123123123\nopen -a Calculator leads to...
CVE-2024-2352 1Panel swap baseApi.UpdateDeviceSwap command injection
A vulnerability, which was classified as critical, has been found in 1Panel up to 1.10.1-lts. Affected by this issue is the function baseApi.UpdateDeviceSwap of the file /api/v1/toolbox/device/update/swap. The manipulation of the argument Path with the input 123123123\nopen -a Calculator leads to...
CVE-2024-2352 1Panel swap baseApi.UpdateDeviceSwap command injection
A vulnerability, which was classified as critical, has been found in 1Panel up to 1.10.1-lts. Affected by this issue is the function baseApi.UpdateDeviceSwap of the file /api/v1/toolbox/device/update/swap. The manipulation of the argument Path with the input 123123123\nopen -a Calculator leads to...
CVE-2024-2352
1Panel up to 1.10.1-lts is affected by CVE-2024-2352 via command injection in the function baseApi.UpdateDeviceSwap (file /api/v1/toolbox/device/update/swap). The issue arises from untrusted input in the Path argument (example: 123123123\nopen -a Calculator), which can be exploited remotely. Publ...
1Panel is vulnerable to command injection
1Panel is vulnerable to command injection. This vulnerability has been classified as critical, has been found in 1Panel up to 1.10.1-lts. Affected by this issue is the function baseApi.UpdateDeviceSwap of the file /api/v1/toolbox/device/update/swap. The manipulation of the argument Path with the...