Lucene search

GitHub_MVULNRICHMENT:CVE-2024-39911

HistoryJul 18, 2024 - 3:35 p.m.

CVE-2024-39911 1Panel SQL injection

2024-07-1815:35:15

CWE-89

GitHub_M

github.com

1panel

sql injection

user-agent handling

upgrade

vulnerability

linux server management control panel

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

50.3%

SSVC

Exploitation

none

Automatable

yes

Technical Impact

total

JSON

1Panel is a web-based linux server management control panel. 1Panel contains an unspecified sql injection via User-Agent handling. This issue has been addressed in version 1.10.12-lts. Users are advised to upgrade. There are no known workarounds for this vulnerability.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:fit2cloud:1panel:*:*:*:*:*:*:*:*"
    ],
    "vendor": "fit2cloud",
    "product": "1panel",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "1.10.2-lts",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

blog.mo60.cn/index.php/archives/1Panel_SQLinjection2Rce.html

github.com/1Panel-dev/1Panel/security/advisories/GHSA-7m53-pwp6-v3f5

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

50.3%

SSVC

Exploitation

none

Automatable

yes

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2024-39911