PT-2023-3483 · 1Panel · 1Panel

Wanghe-Fit2Cloud

Published: 2023-06-21 · Updated: 2024-08-20 · CVE-2023-36458

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: 1Panel versions prior to 1.3.6

Description: The issue is a command injection that occurs when entering the container terminal in 1Panel, an open source Linux server operation and maintenance management panel. An authenticated attacker can craft malicious payloads to trigger it. The vulnerability allows a remote attacker to execute arbitrary commands.

Recommendations: For versions prior to 1.3.6, upgrade to version 1.3.6 to fix the vulnerability. As a temporary workaround, consider restricting access to the container terminal until the upgrade is applied.

Exploit

Fix

Command Injection

Weakness Enumeration

Related Identifiers

BDU:2023-03678
CVE-2023-36458
GHSA-7X2C-FGX6-XF9H
GO-2023-1888

Affected Products

1Panel