cvebase

Github.Com 1Panel-Dev 1Panel vulnerabilities

17 known vulnerabilities affecting github.com/1panel-dev_1panel.

Total CVEs: 17
CISA KEV: 0
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 1, HIGH 6, MEDIUM 8, LOW 1, UNKNOWN 1

Vulnerabilities

CVE | Priority | Severity | Flags | Affected range | Date

CVE-2023-39964 | P2 | HIGH | Exploited | ≥ 1.4.3, < 1.5.0 | 2023-08-10
CVE-2023-39964 [HIGH] CWE-22: 1Panel O&M management panel has a background arbitrary file reading vulnerability
Summary: Arbitrary file reads allow an attacker to read arbitrary important configuration files on the server.
Details: In the api/v1/file.go file, there is a function called LoadFromFile, which directly reads the file by obtaining the requested path parameter [path]. The request parameters are not
Sources: GHSA, OSV
CVE-2024-39907 | P1 | CRITICAL | PoC | ≥ 0, < 1.10.12-tls | 2024-07-18
CVE-2024-39907 [CRITICAL] CWE-89: 1Panel has an SQL injection issue related to the orderBy clause
Summary: There are many SQL injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. The proof is as follows.
Details: (one of them)
PoC: curl 'http://api:30455/api/v1/hosts/command/search' {"page":1,"pageSize":10,"groupID":0,"orderBy":"**3**","order
Sources: GHSA, OSV
CVE-2023-37477 | P2 | HIGH | | ≥ 0, < 1.4.3 | 2023-07-18
CVE-2023-37477 [HIGH] CWE-78: 1Panel command injection vulnerability in Firewall ip functionality
Summary: An OS command injection vulnerability exists in 1Panel firewall functionality. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Details: The 1Panel firewall functionality `/hosts/firewall/ip` endpoint read user inpu
Sources: GHSA, OSV
CVE-2024-39911 | P2 | UNKNOWN | | ≥ 0, < 1.10.12-lts | 2024-07-22
CVE-2024-39911: 1Panel SQL injection in github.com/1Panel-dev/1Panel
Sources: OSV
CVE-2024-2352 | P2 | MEDIUM | | ≥ 0, < 1.10.1-lts | 2024-03-10
CVE-2024-2352 [MEDIUM] CWE-77: 1Panel is vulnerable to command injection
1Panel is vulnerable to command injection. This vulnerability has been classified as critical and has been found in 1Panel up to 1.10.1-lts. Affected by this issue is the function baseApi.UpdateDeviceSwap of the file /api/v1/toolbox/device/update/swap. The manipulation of the argument Path with the input 123123123\nopen -a Calculator leads to command injection. The attack may be launch
Sources: GHSA, OSV
CVE-2023-39966 | P3 | HIGH | | ≥ 1.4.3, < 1.5.0 | 2023-08-10
CVE-2023-39966 [HIGH] CWE-862: 1Panel arbitrary file write vulnerability
Summary: An arbitrary file write vulnerability could lead to direct control of the server.
Details (Arbitrary file creation): In the api/v1/file.go file, there is a function called SaveContent that receives JSON data sent by users in the form of a POST request, and the lack of parameter filtering allows arbitrary file write operations. It looks like this: - Vulnerable Code
Sources: GHSA, OSV
CVE-2023-36458 | P3 | MEDIUM | | ≥ 0, < 1.3.6 | 2023-07-05
CVE-2023-36458 [MEDIUM] CWE-77: 1Panel vulnerable to command injection when entering the container terminal
Impact: An authenticated attacker can craft a malicious payload to achieve command injection when entering the container terminal.
1. Vulnerability analysis: backend\app\api\v1\terminal.go#ContainerWsSsh
2. Vulnerability reproduction: GET /api/v1/containers/exec?cols=80&rows=24&containerid=/b
Sources: GHSA, OSV
CVE-2023-36457 | P3 | MEDIUM | | ≥ 0, < 1.3.6 | 2023-07-05
CVE-2023-36457 [MEDIUM] CWE-74: 1Panel vulnerable to command injection when adding container repositories
Impact: An authenticated attacker can craft a malicious payload to achieve command injection when adding container repositories.
1. Vulnerability analysis: backend\app\api\v1\image_repo.go#create and backend\app\service\image_repo.go#CheckConn
2. Vulnerability reproduction: POST /api/v1/cont
Sources: GHSA, OSV
CVE-2025-66507 | P3 | HIGH | | ≥ 0, < 2.0.14 | 2025-12-08
CVE-2025-66507 [HIGH] CWE-290: 1Panel – CAPTCHA Bypass via Client-Controlled Flag
Summary: A CAPTCHA bypass vulnerability in the 1Panel authentication API allows an unauthenticated attacker to disable CAPTCHA verification by abusing a client-controlled parameter. Because the server previously trusted this value without proper validation, CAPTCHA protections could be bypassed, enabling automated login attempts and significantly increasing the
Sources: GHSA, OSV
CVE-2024-34352 | P3 | MEDIUM | | ≥ 0, < 1.10.3-lts | 2024-05-09
CVE-2024-34352 [MEDIUM] CWE-77: 1Panel arbitrary file write vulnerability
Summary: There are many command injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. We can use the following mirror configuration write symbol `>` to achieve arbitrary file writing.
PoC (Dockerfile): FROM bash:latest COPY echo.sh /usr/local/bin/echo.sh RUN chmod +x /usr/local/bin/echo.sh CMD [
Sources: GHSA, OSV
CVE-2025-66508 | P3 | MEDIUM | | ≥ 0, < 2.0.14 | 2025-12-08
CVE-2025-66508 [MEDIUM] CWE-290: 1Panel IP Access Control Bypass via Untrusted X-Forwarded-For Headers
Summary: The server trusts all reverse-proxy headers by default, so any remote client can spoof `X-Forwarded-For` to bypass IP-based protections (AllowIPs, API IP whitelist, "localhost-only" checks). All IP-based access control becomes ineffective.
Details: - Gin is created with defaults (`gin.Default()`), which sets `
Sources: GHSA, OSV
CVE-2024-24768 | P3 | LOW | | ≥ 0, < 1.9.6 | 2024-02-05
CVE-2024-24768 [LOW] CWE-311: 1Panel set-cookie is missing the Secure keyword
Summary: The HTTPS cookie that comes with the panel does not have the Secure keyword, which may cause the cookie to be sent in plain text when accidentally accessing over HTTP. https://developer.mozilla.org/zh-CN/docs/Web/HTTP/Headers/Set-Cookie#secure
PoC: Directly configure HTTPS for the panel, then capture the packet when logging in again and find that the cooki
Sources: GHSA, OSV
CVE-2025-34429 | P4 | HIGH | | ≥ 1.10.33, ≤ 2.0.15 | 2025-12-10
CVE-2025-34429 [HIGH] CWE-352: 1Panel contains a cross-site request forgery (CSRF) vulnerability in the web port configuration functionality
1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the web port configuration functionality. The port-change endpoint lacks CSRF defenses such as anti-CSRF tokens or Origin/Referer validation. An attacker c
Sources: GHSA, OSV
CVE-2025-34410 | P4 | HIGH | | ≥ 1.10.33, ≤ 2.0.15 | 2025-12-10
CVE-2025-34410 [HIGH] CWE-352: 1Panel contains a cross-site request forgery (CSRF) vulnerability in the Change Username functionality
1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the Change Username functionality available from the settings panel (/settings/panel). The endpoint does not implement CSRF protections such as anti-CSRF tokens or Origi
Sources: GHSA, OSV
CVE-2023-39965 | P4 | MEDIUM | | ≥ 1.4.3, < 1.5.0 | 2023-08-10
CVE-2023-39965 [MEDIUM] CWE-863: 1Panel Arbitrary File Download vulnerability
Summary: An arbitrary file download vulnerability exists in the 1Panel backend.
Details: Authenticated attackers can download arbitrary files through the API interface. This code has unauthorized access.
PoC payload: POST /api/v1/files/download/bypath HTTP/1.1 Host: ip Content-Type: application/json {"path":"/etc/passwd"}
Impact: Attackers can freely download the f
Sources: GHSA, OSV
CVE-2025-34430 | P4 | MEDIUM | | ≥ 1.10.33, ≤ 2.0.15 | 2025-12-10
CVE-2025-34430 [MEDIUM] CWE-352: 1Panel contains a cross-site request forgery (CSRF) vulnerability in the panel name management functionality
1Panel versions 1.10.33 through 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the panel name management functionality. The affected endpoint does not implement CSRF defenses such as anti-CSRF tokens or Origin/Referer validation
Sources: GHSA, OSV
CVE-2024-27288 | P4 | MEDIUM | | ≥ 0, < 1.10.1-lts | 2024-03-06
CVE-2024-27288 [MEDIUM] CWE-863: 1Panel open source panel project has an unauthorized vulnerability.
Impact: The steps are as follows: 1. Access https://IP:PORT/ in the browser, which prompts the user to access with a secure entry point. 2. Use Burp to intercept: When opening the browser and entering the URL (allowing the first intercepted packet through Burp), the following is displayed: It is found that in this situ
Sources: GHSA, OSV