Junehck

Name of the Vulnerable Software and Affected Versions: 1Panel versions prior to 1.10.12-lts Description: The issue is related to an unspecified SQL injection via User-Agent handling in 1Panel, a web-based Linux server management control panel. This could allow a remote attacker to execute arbitrary code and upload arbitrary files. There are no known workarounds for this issue. Recommendations: For versions prior to 1.10.12-lts, upgrade to version 1.10.12-lts to address the issue. As a temporary workaround, consider restricting access to the `User-Agent` handling functionality until the upgrade is applied.