Lucene search
K

6 matches found

Veracode
Veracode
added 2025/09/15 7:54 a.m.6 views

Arbitrary File Read

github.com/donknap/dpanel is vulnerable to Arbitrary File Read. The vulnerability is due to improper access control in the /api/app/compose/get-from-uri interface, which allows an attacker logged into Dpanel to read arbitrary files...

6.1CVSS6.6AI score0.00434EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/08/24 3:21 p.m.4 views

CVE-2025-53363

dpanel is an open source server management panel written in Go. In versions 1.2.0 through 1.7.2, dpanel allows authenticated users to read arbitrary files from the server via the /api/app/compose/get-from-uri API endpoint. The vulnerability exists in the GetFromUri function in...

6.1CVSS5.7AI score0.00434EPSS
Exploits0References1
Snyk
Snyk
added 2025/08/22 4:49 p.m.1 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the /api/app/compose/get-from-uri endpoint, which uses the GetFromUri function. A user can access arbitrary files on the server by passing arbitrary paths as the uri parameter. This is only...

6.8CVSS6.7AI score0.00434EPSS
Exploits0References2
NVD
NVD
added 2025/08/22 4:15 p.m.5 views

CVE-2025-53363

dpanel is an open source server management panel written in Go. In versions 1.2.0 through 1.7.2, dpanel allows authenticated users to read arbitrary files from the server via the /api/app/compose/get-from-uri API endpoint. The vulnerability exists in the GetFromUri function in...

6.1CVSS0.00434EPSS
Exploits0References1
OSV
OSV
added 2025/08/22 3:18 p.m.4 views

CVE-2025-53363 Dpanel has an arbitrary file read vulnerability

dpanel is an open source server management panel written in Go. In versions 1.2.0 through 1.7.2, dpanel allows authenticated users to read arbitrary files from the server via the /api/app/compose/get-from-uri API endpoint. The vulnerability exists in the GetFromUri function in...

6.1CVSS6.2AI score0.00434EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/08/22 12:0 a.m.4 views

PT-2025-34374 · Dpanel · Dpanel

Name of the Vulnerable Software and Affected Versions: dpanel versions 1.2.0 through 1.7.2 Description: dpanel is a server management panel written in Go. Versions of the software allow authenticated users to read arbitrary files from the server via the /api/app/compose/get-from-uri API endpoint...

6.1CVSS6.6AI score0.00434EPSS
Exploits0References8
Rows per page
Query Builder