CVE-2024-39907 PoC — 1Panel 安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-39907.yaml

Associated Vulnerability

Title:1Panel 安全漏洞 (CVE-2024-39907)
Description:1Panel是中国1panel社区的一个开源的Linux服务器运维管理面板。 1Panel 1.10.12-tls版本存在安全漏洞，该漏洞源于1Panel中部分SQL注入过滤不善，导致任意文件写入，最终导致远程代码执行。

Description

1Panel is a web-based linux server management control panel. There are many sql injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. These sql injections have been resolved in version 1.10.12-tls. Users are advised to upgrade. There are no known workarounds for these issues.

File Snapshot


 id: CVE-2024-39907

info:
  name: 1Panel SQL Injection - Authenticated
  author: iamnoooob,rootxhars

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!