Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2024-39907

CRITICAL
Published 2024-07-18T15:31:30.892Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2024-39907. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1
9.8
/10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score Metrics
Exploitability: N/A Impact: N/A

EPSS Score

v2025.03.14
0.640
probability
of exploitation in the wild

There is a 64.0% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-06-25
Exploit Probability
Percentile: 0.983
Higher than 98.3% of all CVEs

Attack Vector Metrics

Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED

Impact Metrics

Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Description

1Panel is a web-based linux server management control panel. There are many sql injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. These sql injections have been resolved in version 1.10.12-tls. Users are advised to upgrade. There are no known workarounds for these issues.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

1Panel-dev

1Panel

Affected Versions:

>= 1.10.9-tls, < 1.10.12-tls
fit2cloud

1panel

Affected Versions:

0

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed CRITICAL

1Panel has an SQL injection issue related to the orderBy clause

GHSA-5grx-v727-qmq6

Advisory Details

### Summary There are many sql injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. The proof is as follows ### Details (one of them ) <img width="697" alt="image" src="https://github.com/1Panel-dev/1Panel/assets/129351704/895b7b43-9bc0-44b3-9c84-24c2dcc962da"> <img width="936" alt="image" src="https://github.com/1Panel-dev/1Panel/assets/129351704/1b8eb866-9865-4bef-a359-53335d709157"> <img width="684" alt="image" src="https://github.com/1Panel-dev/1Panel/assets/129351704/e865d6d0-7ecb-49f7-b4a2-f1b0bc407986"> ### PoC curl 'http://api:30455/api/v1/hosts/command/search' {"page":1,"pageSize":10,"groupID":0,"orderBy":"**3**","order":"ascending","name":"a"} <img width="664" alt="image" src="https://github.com/1Panel-dev/1Panel/assets/129351704/250d5a2a-cb32-44dc-9831-86dbc2f2b43f"> for example as picture . just change orderby‘s num we can know How many columns does the data table have.Parameters require strict whitelist filtering ### Impact RCE、data leak.

Affected Packages

Go github.com/1Panel-dev/1Panel
ECOSYSTEM: ≥0 <1.10.12-tls

CVSS Scoring

CVSS Score

9.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

WEB https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-5grx-v727-qmq6
ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-39907
WEB https://github.com/1Panel-dev/1Panel/commit/ff549a47937c1314e6ee08453a1d2128242440cd
PACKAGE https://github.com/1Panel-dev/1Panel

Advisory provided by GitHub Security Advisory Database. Published: July 18, 2024, Modified: July 24, 2024

References

https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-5grx-v727-qmq6
Published: 2024-07-18T15:31:30.892Z
Last Modified: 2024-08-02T04:33:11.402Z
Copied to clipboard!