The OpenPanel File Manager version 0.3.4 is vulnerable to a directory traversal exploit. By sending a crafted GET request to view_file with the filename parameter set to 'shadow' and path_param set to '/etc', an attacker can access sensitive system files outside the intended directory. This vulnerability has been assigned CVE-2024-53582.
The OpenPanel version 0.3.4 is vulnerable to an incorrect access control issue. An attacker can exploit this vulnerability by sending a crafted HTTP request to access unauthorized files or directories on the server.
The OpenPanel version 0.3.4 is vulnerable to directory traversal. By exploiting this vulnerability, an attacker can traverse the directories outside the intended location and gain unauthorized access to sensitive files. This vulnerability has been assigned CVE-2024-53537.
WebFileSys 2.31.0 is prone to a directory traversal vulnerability in the 'relPath' parameter. An attacker can exploit this issue by sending a crafted HTTP request to the affected server, allowing them to traverse directories and access sensitive files outside the intended directory structure. This vulnerability has been assigned CVE-2024-53586.
The OpenPanel version 0.3.4 is vulnerable to OS command injection. An attacker can exploit this vulnerability by injecting a malicious command through the 'timezone' parameter in the HTTP POST request. This can lead to arbitrary command execution on the server.
Services By CQR