CVE-2024-34352

HIGH Year: 2024
CVSS v3 Score
7.5
High
Weakness Type
CWE-77
View all →

Vulnerability Description

1Panel is an open source Linux server operation and maintenance management panel. Prior to v1.10.3-lts, there are many command injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. The mirror configuration write symbol `>` can be used to achieve arbitrary file writing. This vulnerability is fixed in v1.10.3-lts.

Related Vulnerabilities

CVE-2016-10762

HIGH
CVSS:7.5(High)

The CampTix Event Ticketing plugin before 1.5 for WordPress allows CSV injection when the export tool is used.

CWE-772016

CVE-2016-6534

HIGH
CVSS:7.5(High)

Opmantek NMIS before 4.3.7c has command injection via man, finger, ping, trace, and nslookup in the tools.pl CGI script. Versions before 8.5.12G might be affected in non-default configurations.

CWE-772016

CVE-2018-1111

HIGH
CVSS:7.5(High)

DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious D...

CWE-772018

CVE-2018-16417

HIGH
CVSS:7.5(High)

Aruba Instant 4.x prior to 6.4.4.8-4.2.4.12, 6.5.x prior to 6.5.4.11, 8.3.x prior to 8.3.0.6, and 8.4.x prior to 8.4.0.1 allows Command injection.

CWE-772018

CVE-2018-19911

HIGH
CVSS:7.5(High)

FreeSWITCH through 1.8.2, when mod_xml_rpc is enabled, allows remote attackers to execute arbitrary commands via the api/system or txtapi/system (or api/bg_system or txtapi/bg_system) query string on ...

CWE-772018

CVE-2019-10640

HIGH
CVSS:7.5(High)

An issue was discovered in GitLab Community and Enterprise Edition before 11.7.10, 11.8.x before 11.8.6, and 11.9.x before 11.9.4. A regex input validation issue for the .gitlab-ci.yml refs value allo...

CWE-772019