6 matches found
Arbitrary File Read
github.com/donknap/dpanel is vulnerable to Arbitrary File Read. The vulnerability is due to improper access control in the /api/app/compose/get-from-uri interface, which allows an attacker logged into Dpanel to read arbitrary files...
CVE-2025-53363
dpanel is an open source server management panel written in Go. In versions 1.2.0 through 1.7.2, dpanel allows authenticated users to read arbitrary files from the server via the /api/app/compose/get-from-uri API endpoint. The vulnerability exists in the GetFromUri function in...
External Control of File Name or Path
Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the /api/app/compose/get-from-uri endpoint, which uses the GetFromUri function. A user can access arbitrary files on the server by passing arbitrary paths as the uri parameter. This is only...
CVE-2025-53363
dpanel is an open source server management panel written in Go. In versions 1.2.0 through 1.7.2, dpanel allows authenticated users to read arbitrary files from the server via the /api/app/compose/get-from-uri API endpoint. The vulnerability exists in the GetFromUri function in...
CVE-2025-53363 Dpanel has an arbitrary file read vulnerability
dpanel is an open source server management panel written in Go. In versions 1.2.0 through 1.7.2, dpanel allows authenticated users to read arbitrary files from the server via the /api/app/compose/get-from-uri API endpoint. The vulnerability exists in the GetFromUri function in...
PT-2025-34374 · Dpanel · Dpanel
Name of the Vulnerable Software and Affected Versions: dpanel versions 1.2.0 through 1.7.2 Description: dpanel is a server management panel written in Go. Versions of the software allow authenticated users to read arbitrary files from the server via the /api/app/compose/get-from-uri API endpoint...