关联漏洞
标题:1Panel 安全漏洞 (CVE-2024-39907)Description:1Panel是中国1panel社区的一个开源的Linux服务器运维管理面板。 1Panel 1.10.12-tls版本存在安全漏洞,该漏洞源于1Panel中部分SQL注入过滤不善,导致任意文件写入,最终导致远程代码执行。
Description
1Panel is a web-based linux server management control panel. There are many sql injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. These sql injections have been resolved in version 1.10.12-tls. Users are advised to upgrade. There are no known workarounds for these issues.
文件快照
id: CVE-2024-39907
info:
name: 1Panel SQL Injection - Authenticated
author: iamnoooob,rootxhars
...
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。