CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-39966

1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, an arbitrary file write vulnerability could lead to direct control of the server. In the `api/v1/file.go` file, there is a function called `SaveContentthat,It `recieves JSON data sent by users in the form of a POST request. And the lack of parameter filtering allows for arbitrary file write operations. Version 1.5.0 contains a patch for this issue.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 40.8%

CVSS Severity

CVSS v3 Score 7.5

References

https://github.com/1Panel-dev/1Panel/releases/tag/v1.5.0
https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-hf7j-xj3w-87g4
https://github.com/1Panel-dev/1Panel/releases/tag/v1.5.0
https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-hf7j-xj3w-87g4

Products affected by CVE-2023-39966

Fit2cloud » 1panel » Version: 1.4.3

cpe:2.3:a:fit2cloud:1panel:1.4.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-39966

Products

Pricing

Contact Us