1panel
CVE-2024-34352
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Lifecycle Timeline
1DescriptionNVD
1Panel is an open source Linux server operation and maintenance management panel. Prior to v1.10.3-lts, there are many command injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. The mirror configuration write symbol > can be used to achieve arbitrary file writing. This vulnerability is fixed in v1.10.3-lts.
AnalysisAI
1Panel is an open source Linux server operation and maintenance management panel. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Command Injection (CWE-77), which allows attackers to inject arbitrary commands into system command execution. 1Panel is an open source Linux server operation and maintenance management panel. Prior to v1.10.3-lts, there are many command injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. The mirror configuration write symbol > can be used to achieve arbitrary file writing. This vulnerability is fixed in v1.10.3-lts. Affected products include: Fit2Cloud 1Panel.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized APIs, avoid shell execution, validate input with strict allowlists.
1Panel is a web-based linux server management control panel. Rated critical severity (CVSS 9.8), this vulnerability is r
1Panel is a web-based linux server management control panel. Rated critical severity (CVSS 9.8), this vulnerability is r
A vulnerability, which was classified as critical, has been found in 1Panel up to 1.10.1-lts. Rated critical severity (C
1Panel is an open source Linux server operation and maintenance management panel. Rated critical severity (CVSS 9.8), th
1Panel is an open source Linux server operation and maintenance management panel. Rated high severity (CVSS 8.8), this v
1Panel is an open source Linux server operation and maintenance management panel. Rated high severity (CVSS 8.8), this v
1Panel is an open source Linux server operation and maintenance management panel. Rated high severity (CVSS 8.8), this v
1Panel is an open source Linux server operation and maintenance management panel. Rated high severity (CVSS 7.5), this v
1Panel is an open source Linux server operation and maintenance management panel. Rated medium severity (CVSS 4.3), this
1Panel is an open source Linux server operation and maintenance management panel. Rated high severity (CVSS 7.5), this v
1Panel is an open source Linux server operation and maintenance management panel. Rated low severity (CVSS 3.1), this vu
Cross-site request forgery in 1Panel (versions 1.10.33 through 2.0.15) lets a remote attacker change the TCP port the we
Same weakness CWE-77 – Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today