100 matches found
CVE-2023-39964 1Panel O&M management panel has a background arbitrary file reading vulnerability
1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, arbitrary file reads allow an attacker to read arbitrary important configuration files on the server. In the api/v1/file.go file, there is a function called LoadFromFile, which directly reads the...
CVE-2023-39964
Summary: CVE-2023-39964 affects 1Panel O&M panel. In version 1.4.3, the function LoadFromFile in api/v1/file.go reads a server file directly from the unfiltered path parameter, enabling arbitrary file reads of important configuration files. The issue is a background file read vulnerability exploi...
CVE-2023-39965
creationtimestamp | type | source
---|---|---
2023-08-10 06:47:11+00:00 | published-proof-of-concept | https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-85cf-gj29-f555...
CVE-2023-37477
1Panel is an open source Linux server operation and maintenance management panel. An OS command injection vulnerability exists in 1Panel firewall functionality. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger...
Command injection
1Panel is an open source Linux server operation and maintenance management panel. An OS command injection vulnerability exists in 1Panel firewall functionality. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger...
GHSA-P9XF-74XH-MHW5 1Panel command injection vulnerability in Firewall ip functionality
Summary: An OS command injection vulnerability exists in 1Panel firewall functionality. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. Details: 1Panel firewall functionality /hosts/firewall/...
CVE-2023-37477 Command injection in firewall ip functionality in 1Panel
1Panel is an open source Linux server operation and maintenance management panel. An OS command injection vulnerability exists in 1Panel firewall functionality. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger...
CVE-2023-37477
1Panel exposes an OS command injection in its firewall IP endpoint (/hosts/firewall/ip). The vulnerability allows an authenticated attacker to craft input that leads to arbitrary command execution, potentially full system compromise. The issue stems from lack of input validation in the firewall f...
Command Injection
github.com/1panel-dev/1panel is vulnerable to Command Injections. The vulnerability exists when adding container repositories which allows an attacker to inject and execute arbitrary commands...
GHSA-7X2C-FGX6-XF9H 1Panel vulnerable to command injection when entering the container terminal
Impact: An authenticated attacker can craft malicious payloads to achieve command injection when entering the container terminal. 1. Vulnerability analysis: backend\app\api\v1\terminal.go ContainerWsSsh 2. Vulnerability reproduction: GET...
CVE-2023-36457 1Panel vulnerable to command injection when adding container repositories
1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.3.6, an authenticated attacker can craft a malicious payload to achieve command injection when adding container repositories. The vulnerability has been fixed in v1.3.6...
CVE-2023-36457
1Panel (open-source Linux server operation/maintenance panel) prior to v1.3.6 is affected by a command injection vulnerability when adding container repositories. An authenticated attacker can craft a malicious payload (as demonstrated by the reported payloads in advisories) to trigger code execu...
CVE-2023-36458 1Panel vulnerable to command injection when entering the container terminal
1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.3.6, an authenticated attacker can craft malicious payloads to achieve command injection when entering the container terminal. The vulnerability has been fixed in v1.3.6...
CVE-2023-36458
1Panel is an open source Linux server operation and maintenance panel. Affected versions are
1Panel command injection vulnerability
1Panel is an open source Linux server operation and management panel for the Chinese 1Panel community. A command injection vulnerability exists in 1Panel versions prior to 1.3.6; it allows an attacker to build a malicious payload to achieve command injection when entering ...