High severity 7.5 · NVD Advisory · Published Aug 10, 2023 · Updated Jun 17, 2026
CVE-2023-39966
Description
1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, an arbitrary file write vulnerability could lead to direct control of the server. In the api/v1/file.go file, there is a function called SaveContent that receives JSON data sent by users in the form of a POST request. The lack of parameter filtering allows for arbitrary file write operations. Version 1.5.0 contains a patch for this issue.
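The class of parameter filtering the description says was missing, as an added example; it is not 1Panel's code and not the 1.5.0 patch. The function names `confine` and `saveContent`, the error value, and the policy of confining writes to one absolute base directory are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

var ErrOutsideBase = errors.New("path escapes the allowed base directory")

// confine maps a user-supplied relative path to a file under base (absolute dir).
func confine(base, userPath string) (string, error) {
	root, err := filepath.EvalSymlinks(base)
	if err != nil {
		return "", err
	}
	under := func(p string) bool {
		return p == root || strings.HasPrefix(p, root+string(filepath.Separator))
	}
	target := filepath.Join(root, userPath) // Join also cleans ".." segments
	if filepath.IsAbs(userPath) || target == root || !under(target) {
		return "", ErrOutsideBase
	}
	// Resolve the parent and refuse a symlink as final component, so links cannot redirect the write.
	parent, err := filepath.EvalSymlinks(filepath.Dir(target))
	if err != nil {
		return "", err
	}
	final := filepath.Join(parent, filepath.Base(target))
	if fi, e := os.Lstat(final); !under(parent) || (e == nil && fi.Mode()&os.ModeSymlink != 0) {
		return "", ErrOutsideBase
	}
	return final, nil
}

func saveContent(base, userPath, content string) error { // hypothetical hardened write path
	p, err := confine(base, userPath)
	if err != nil {
		return err
	}
	return os.WriteFile(p, []byte(content), 0o600)
}

func main() {
	base, _ := os.MkdirTemp("", "panel-files") // constructed sandbox directory
	defer os.RemoveAll(base)
	fmt.Println(saveContent(base, "notes.txt", "ok"), saveContent(base, "../../etc/cron.d/job", "x"))
}
```

A window remains between the check and the write, so a handler that runs alongside untrusted local users should also open the file with no-follow semantics.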
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/1Panel-dev/1Panel (Go) | >= 1.4.3, < 1.5.0 | 1.5.0 |
Affected products
- Range: = 1.4.3
References
- github.com/1Panel-dev/1Panel/security/advisories/GHSA-hf7j-xj3w-87g4 (nvd; Exploit, Vendor Advisory; WEB)
- github.com/advisories/GHSA-hf7j-xj3w-87g4 (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2023-39966 (ghsa; ADVISORY)
- github.com/1Panel-dev/1Panel/releases/tag/v1.5.0 (nvd; Product, Release Notes; WEB)