1Panel is an open source Linux server operation and maintenance management panel. Prior to v1.10.3-lts, there are many command injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. The mirror configuration write symbol `>` can be used to achieve arbitrary file writing. This vulnerability is fixed in v1.10.3-lts.
History

Fri, 07 Feb 2025 03:00:00 +0000

Type Values Removed Values Added
First Time appeared Fit2cloud
Fit2cloud 1panel
CPEs cpe:2.3:a:fit2cloud:1panel:*:*:*:*:*:*:*:*
Vendors & Products Fit2cloud
Fit2cloud 1panel

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2024-08-02T02:51:10.692Z

Reserved: 2024-05-02T06:36:32.438Z

Link: CVE-2024-34352

cve-icon Vulnrichment

Updated: 2024-08-02T02:51:10.692Z

cve-icon NVD

Status : Analyzed

Published: 2024-05-14T15:38:43.160

Modified: 2025-02-07T02:44:20.557

Link: CVE-2024-34352

cve-icon Redhat

No data.