Arbitrary File Write Vulnerability in 1Panel 1.4.3

Arbitrary File Write Vulnerability in 1Panel 1.4.3

CVE-2023-39966 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, an arbitrary file write vulnerability could lead to direct control of the server. In the `api/v1/file.go` file, there is a function called `SaveContentthat,It `recieves JSON data sent by users in the form of a POST request. And the lack of parameter filtering allows for arbitrary file write operations. Version 1.5.0 contains a patch for this issue.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.