CVE-2024-2352 | 1Panel up to 1.10.1-lts swap baseApi.UpdateDeviceSwap Path command injection (ID 4131)

A vulnerability, which was classified as critical, has been found in 1Panel up to 1.10.1-lts. Affected by this issue is the function baseApi.UpdateDeviceSwap of the file /api/v1/toolbox/device/update/swap. The manipulation of the argument Path with the input 123123123nopen -a Calculator leads to command injection.

This vulnerability is handled as CVE-2024-2352. The attack may be launched remotely. Furthermore, there is an exploit available.

It is recommended to apply a patch to fix this issue.

CVE-2024-2352 | 1Panel up to 1.10.1-lts swap baseApi.UpdateDeviceSwap Path command injection (ID 4131)

Related Posts

CVE-2024-3071 | ACF On-The-Go Plugin up to 1.0.1 on WordPress authorization

CVE-2024-25981 | Moodle prior 4.3.3/4.1.9 Forum Export access control

CVE-2024-43406 | LF-Edge ekuiper up to 1.14.1 sql injection (GHSA-r5ph-4jxm-6j9p)

CVE-2024-2603 | Salon Booking System Plugin up to 9.6.5 on WordPress Setting cross site scripting