11 matches found

SUSE CVE
added 2026/01/06 12:25 a.m. · 2 views

SUSE CVE-2025-66508

1Panel is an open-source, web-based control panel for Linux server management. Versions 2.0.14 and below use Gin's default configuration, which trusts all IP addresses as proxies (TrustedProxies = 0.0.0.0/0), allowing any client to spoof the X-Forwarded-For header. Since all IP-based access controls...

CVSS 6.5 · AI score 6.9 · EPSS 0.00043
Exploits: 0 · References: 2

Cvelist
added 2025/12/09 1:37 a.m. · 28 views

CVE-2025-66508 1Panel IP Access Control Bypass via Untrusted X-Forwarded-For Headers

1Panel is an open-source, web-based control panel for Linux server management. Versions 2.0.14 and below use Gin's default configuration, which trusts all IP addresses as proxies (TrustedProxies = 0.0.0.0/0), allowing any client to spoof the X-Forwarded-For header. Since all IP-based access controls...

CVSS 6.5 · EPSS 0.00043
Exploits: 0 · References: 2

EUVD
added 2025/12/09 1:37 a.m. · 1 views

EUVD-2025-201792

1Panel is an open-source, web-based control panel for Linux server management. Versions 2.0.14 and below use Gin's default configuration, which trusts all IP addresses as proxies (TrustedProxies = 0.0.0.0/0), allowing any client to spoof the X-Forwarded-For header. Since all IP-based access controls...

CVSS 6.5 · AI score 6.3 · EPSS 0.00043
Exploits: 0 · References: 3

Cvelist
added 2025/09/10 12:0 a.m. · 6 views

CVE-2025-56413

OS Command injection vulnerability in function OperateSSH in 1panel 2.0.8 allowing attackers to execute arbitrary commands via the operation parameter to the /api/v2/hosts/ssh/operate endpoint...

EPSS 0.00348
Exploits: 0 · References: 2

SUSE CVE
added 2025/08/14 2:53 a.m. · 2 views

SUSE CVE-2025-54424

1Panel is a web interface and MCP Server that manages websites, files, containers, databases, and LLMs on a Linux server. In versions 2.0.5 and below, the HTTPS protocol used for communication between the Core and Agent endpoints has incomplete certificate verification during certificate...

CVSS 9.8 · AI score 7.6 · EPSS 0.01193
Exploits: 5 · References: 3

CNNVD
added 2025/08/01 12:0 a.m. · 3 views

1Panel command injection vulnerability

1Panel is an open source Linux server operation and maintenance management panel of the Chinese 1Panel community. 1Panel suffers from a command injection vulnerability that stems from incomplete certificate validation, which can be exploited by an attacker to cause remote code execution...

CVSS 9.8 · AI score 8.2 · EPSS 0.01193
Exploits: 5 · References: 5

Positive Technologies
added 2024/07/02 12:0 a.m. · 1 views

PT-2024-5239 · 1Panel · 1Panel

Name of the Vulnerable Software and Affected Versions: 1Panel versions prior to 1.10.12-tls
Description: The issue is related to SQL injections in the 1Panel project, specifically with the orderBy parameter, which can lead to arbitrary file writes and ultimately to remote code execution (RCE). The...

CVSS 10 · AI score 9 · EPSS 0.84212
Exploits: 1 · References: 14

CNNVD
added 2024/05/14 12:0 a.m. · 1 views

1Panel command injection vulnerability

1Panel is an open source Linux server operations and management panel for the Chinese 1panel community. A command injection vulnerability exists in versions prior to 1Panel v1.10.3-lts. The vulnerability stems from the presence of a command injection issue that can lead to arbitrary file writing...

CVSS 7.5 · AI score 8.2 · EPSS 0.0219
Exploits: 1 · References: 3

Positive Technologies
added 2023/08/10 12:0 a.m. · 1 views

PT-2023-27177 · 1Panel · 1Panel

Name of the Vulnerable Software and Affected Versions: 1Panel versions 1.4.3
Description: 1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, authenticated attackers can download arbitrary files through the API interface, specifically the "POST...

CVSS 6.5 · AI score 6.9 · EPSS 0.0011
Exploits: 1 · References: 9

Positive Technologies
added 2023/08/10 12:0 a.m. · 2 views

PT-2023-27176 · 1Panel · 1Panel

Name of the Vulnerable Software and Affected Versions: 1Panel version 1.4.3
Description: 1Panel is an open source Linux server operation and maintenance management panel. In the api/v1/file.go file, there is a function called LoadFromFile, which directly reads the file by obtaining the requested...

CVSS 7.5 · AI score 6.8 · EPSS 0.0031
Exploits: 1 · References: 10

CNNVD
added 2023/07/05 12:0 a.m. · 2 views

1Panel command injection vulnerability

1Panel is an open source Linux server operations and management panel for the Chinese 1panel community. A command injection vulnerability exists in versions prior to 1.3.6 of 1Panel. The vulnerability stems from the fact that an authenticated attacker can craft a malicious load to enable command...

CVSS 8.8 · AI score 7.9 · EPSS 0.02514
Exploits: 1 · References: 4