CRITICALšŸ‡µšŸ‡± Wersja polska

CVE-2024-39911

CVSS 10.0v3.1pub. 2024-07-18upd. 2024-11-21

1Panel is a web-based linux server management control panel. 1Panel contains an unspecified sql injection via User-Agent handling. This issue has been addressed in version 1.10.12-lts. Users are advised to upgrade. There are no known workarounds for this vulnerability.

šŸ¤– AI Analysis
How it works

The attacker sends a specially crafted HTTP User-Agent header containing a malicious SQL payload to a 1Panel application endpoint. The application does not properly filter input data from this header before passing it to the database query, allowing manipulation of SQL query logic. According to available references, the vulnerability can lead to escalation to remote code execution (RCE).

Impact

An unauthenticated remote attacker can gain unauthorized access to data stored in the database, and potentially take full control of the server by escalating the SQL injection to RCE.

Mitigation & patch

1Panel must be updated immediately to version 1.10.12-lts or later. The vendor does not provide any workarounds for this vulnerability — the only effective solution is to update.

Who is affected

Fit2Cloud 1Panel in all versions prior to 1.10.12-lts

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Fit2cloud 1panel

    APP
    Fit2Cloud
    1.10.10-lts – 1.10.12-lts (bez)
šŸ”µ
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2024-39907CRITICAL9.8PL āœ“ten sam produkt

SQL Injection w Fit2Cloud 1Panel umożliwiający RCE poprzez zapis plików

CVE-2025-34410HIGH7.0ten sam produkt

1Panel versions 1.10.33 -Ā 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the Change Usern...

CVE-2025-34429HIGH7.0ten sam produkt

1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the web port con...

CVE-2025-66507HIGH7.5ten sam produkt

1Panel is an open-source, web-based control panel for Linux server management. Versions 2.0.13 and below allow...

CVE-2025-56413HIGH8.8ten sam produkt

OS Command injection vulnerability in function OperateSSH in 1panel 2.0.8 allowing attackers to execute arbitr...

CVE-2024-39911 — Fit2Cloud — 1Panel — CRITICAL — CVSS 10.0 | CVEbaza.pl