FIT2CLOUD 1Panel 1.4.3
Approved changes feed: RSS · Atom
cpe:2.3:a:fit2cloud:1panel:1.4.3:*:*:*:*:*:*:*
part: a version: 1.4.3 update: *
| Vendor | Fit2Cloud (c8671a2b-c20a-5faf-aa4d-02770d5e105b) |
|---|---|
| Product | 1Panel (107e1b64-5cda-5e11-9232-e1fce44c688b) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2023-39966 |
vulnerable | 2026-06-08 06:09:38.204220 |
1Panel arbitrary file write vulnerability exists in the background
HIGH (7.5)
1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, an arbitrary file write vulnerability could lead to direct control of the server. In the `api/v1/file.go` file, there is a function called `SaveContentthat,It `recieves JSON data sent by users in the form of a POST request. And the lack of parameter filtering allows for arbitrary file write operations. Version 1.5.0 contains a patch for this issue.
Published: 2023-08-10T17:46:21.104Z
Updated: 2024-10-04T18:56:18.054Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-39965 |
vulnerable | 2026-06-08 06:09:38.203792 |
1Panel Unauthorized access in Backend
MEDIUM (6.5)
1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, authenticated attackers can download arbitrary files through the API interface. This code has unauthorized access. Attackers can freely download the file content on the target system. This may cause a large amount of information leakage. Version 1.5.0 has a patch for this issue.
Published: 2023-08-10T17:42:05.793Z
Updated: 2024-10-04T18:57:04.477Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-39964 |
vulnerable | 2026-06-08 06:09:38.202472 |
1Panel O&M management panel has a background arbitrary file reading vulnerability
HIGH (7.5)
1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, arbitrary file reads allow an attacker to read arbitrary important configuration files on the server. In the `api/v1/file.go` file, there is a function called `LoadFromFile`, which directly reads the file by obtaining the requested path `parameter[path]`. The request parameters are not filtered, resulting in a background arbitrary file reading vulnerability. Version 1.5.0 has a patch for this issue.
Published: 2023-08-10T17:39:11.768Z
Updated: 2024-10-04T18:57:45.505Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.