The OpenPanel File Manager version 0.3.4 is vulnerable to a directory traversal exploit. By sending a crafted GET request to view_file with the filename parameter set to 'shadow' and path_param set to '/etc', an attacker can access sensitive system files outside the intended directory. This vulnerability has been assigned CVE-2024-53582.
The OpenPanel version 0.3.4 is vulnerable to an incorrect access control issue. An attacker can exploit this vulnerability by sending a crafted HTTP request to access unauthorized files or directories on the server.
Jasmin Ransomware's web panel allows authenticated users to download arbitrary files due to a SQL Injection vulnerability, potentially leading to unauthorized access to sensitive data. This vulnerability has been assigned CVE-2025-XXXXX.
The OpenPanel version 0.3.4 is vulnerable to directory traversal. By exploiting this vulnerability, an attacker can traverse the directories outside the intended location and gain unauthorized access to sensitive files. This vulnerability has been assigned CVE-2024-53537.
WebFileSys 2.31.0 is prone to a directory traversal vulnerability in the 'relPath' parameter. An attacker can exploit this issue by sending a crafted HTTP request to the affected server, allowing them to traverse directories and access sensitive files outside the intended directory structure. This vulnerability has been assigned CVE-2024-53586.
Anchor CMS 0.12.7 is vulnerable to stored cross-site scripting (XSS) attacks. By injecting a malicious script into the post creation fields, an attacker can execute arbitrary scripts in the context of an authenticated user, leading to potential data theft or unauthorized actions. This vulnerability has a CVE identifier pending assignment.
The OpenPanel version 0.3.4 is vulnerable to OS command injection. An attacker can exploit this vulnerability by injecting a malicious command through the 'timezone' parameter in the HTTP POST request. This can lead to arbitrary command execution on the server.
The exploit leverages an unauthenticated API endpoint (/api/config) on the Solstice Pod to extract sensitive information like the session key, server version, product details, and display name. Attackers can retrieve live session data by accessing this endpoint without proper authentication.
The reNgine version 2.2.0 is vulnerable to authenticated command injection. By modifying the nmap_cmd parameters in the yml configuration, an attacker can inject malicious commands. This can lead to unauthorized remote code execution with the privileges of the application. This exploit allows an authenticated user to execute arbitrary commands on the underlying system.
The Backdrop CMS version 1.27.1 is vulnerable to authenticated remote command execution. An attacker can exploit this vulnerability to execute arbitrary commands on the target system. This could lead to unauthorized access, data theft, and further compromise of the system. This exploit was authored by Ahmet Ümit BAYRAM.
Services By CQR