Vulnerability Description
1Panel is a web-based linux server management control panel. 1Panel contains an unspecified sql injection via User-Agent handling. This issue has been addressed in version 1.10.12-lts. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fit2Cloud | 1Panel | >= 1.10.10-lts, < 1.10.12-lts |
Related Weaknesses (CWE)
References
- https://blog.mo60.cn/index.php/archives/1Panel_SQLinjection2Rce.htmlExploitThird Party Advisory
- https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-7m53-pwp6-v3f5ExploitVendor Advisory
- https://blog.mo60.cn/index.php/archives/1Panel_SQLinjection2Rce.htmlExploitThird Party Advisory
- https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-7m53-pwp6-v3f5ExploitVendor Advisory
FAQ
What is CVE-2024-39911?
CVE-2024-39911 is a vulnerability with a CVSS score of 10.0 (CRITICAL). 1Panel is a web-based linux server management control panel. 1Panel contains an unspecified sql injection via User-Agent handling. This issue has been addressed in version 1.10.12-lts. Users are advis...
How severe is CVE-2024-39911?
CVE-2024-39911 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2024-39911?
Check the references section above for vendor advisories and patch information. Affected products include: Fit2Cloud 1Panel.