CNNVD-202506-2787 Information
CNNVD ID
CNNVD-202506-2787
Related CVE
- CNNVD Published: 2025-06-20
Description
Pterodactyl Panel is a free, open-source game server management panel from Pterodactyl. Pterodactyl Panel versions before 1.11.11 contain a code injection vulnerability: the /locales/locale.json endpoint does not validate the locale and namespace parameters, which may lead to arbitrary code execution.
Hazard Level
Low
Vulnerability Type
Code injection
Affected Vendor
Pterodactyl
Published
2025-06-20
Last Modified
2026-02-24
References
https://github.com/pterodactyl/panel/commit/24c82b0e335fb5d7a844226b08abf9f176e592f0
https://github.com/pterodactyl/panel/releases/tag/v1.11.11
https://github.com/pterodactyl/panel/security/advisories/GHSA-24wv-6c99-f843
https://www.exploit-db.com/exploits/52341
Patch
https://github.com/pterodactyl/panel/releases