Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
1Panel – CAPTCHA Bypass via Client-Controlled Flag
Vulnerability Description
1Panel is an open-source, web-based control panel for Linux server management. Versions 2.0.13 and below allow an unauthenticated attacker to disable CAPTCHA verification by abusing a client-controlled parameter. Because the server previously trusted this value without proper validation, CAPTCHA protections can be bypassed, enabling automated login attempts and significantly increasing the risk of account takeover (ATO). This issue is fixed in version 2.0.14.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
服务端安全的客户端实施
Vulnerability Title
1Panel 安全漏洞
Vulnerability Description
1Panel是中国1Panel社区的一个开源的Linux服务器运维管理面板。 1Panel 2.0.13及之前版本存在安全漏洞,该漏洞源于未验证客户端参数,可能导致CAPTCHA绕过和账户接管。
CVSS Information
N/A
Vulnerability Type
N/A