|
|
|||
| Rule General Information |
|---|
| Release Date: | 2024-10-31 | |
| Rule Name: | 1Panel SQL Injection Vulnerability (CVE-2024-39907) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | 1Panel is a web-based Linux server management control panel, the vulnerability is mainly due to the orderBy parameter controllable, resulting in SQL injection. When successfully exploited, an attacker could inject arbitrary SQL commands to view or modify the target system's database, or even write arbitrary files, eventually leading to remote command execution. | |
| Impact: | An attacker can inject arbitrary sql commands to view or change the database of the target by exploiting the vulnerability successfully. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | ||
| Solutions |
|---|
| Please contact the software vendor to update the software patch. |