1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, an arbitrary file write vulnerability could lead to direct control of the server. In the `api/v1/file.go` file, there is a function called `SaveContentthat,It `recieves JSON data sent by users in the form of a POST request. And the lack of parameter filtering allows for arbitrary file write operations. Version 1.5.0 contains a patch for this issue.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| github.com/1Panel-dev/1Panel(Go) | 1.4.3 | 1.5.0 | N/A |
CVSS Metrics
