CVE-2024-39911

Name of the Vulnerable Software and Affected Versions: 1Panel versions prior to 1.10.12-lts

Description: The issue is related to an unspecified SQL injection via User-Agent handling in 1Panel, a web-based Linux server management control panel. This could allow a remote attacker to execute arbitrary code and upload arbitrary files. There are no known workarounds for this issue.

Recommendations: For versions prior to 1.10.12-lts, upgrade to version 1.10.12-lts to address the issue. As a temporary workaround, consider restricting access to the User-Agent handling functionality until the upgrade is applied.