cbcvebase.
CVE-2024-53537
published 2025-01-31

CVE-2024-53537: An issue in OpenPanel v0.3.4 to v0.2.1 allows attackers to execute a directory traversal in File Actions of File Manager.

PriorityP264critical9.1CVSS 3.1
AVNACLPRNUINSUCHIHAN
EXPLOIT
EPSS
2.28%
80.9th percentile
An issue in OpenPanel v0.3.4 to v0.2.1 allows attackers to execute a directory traversal in File Actions of File Manager.

Affected

1 ranges
VendorProductVersion rangeFixed in
openpanelopenpanel0.2.1 – 0.3.4

Detection & IOCsextracted from sources · hover to see the quote

urlPOST /compress_files HTTP/2
urlPOST /copy_item?item_name=shadow&path_param=/etc&item_type=text%2Fplain&destination_path=/home/stefan/ HTTP/2
urlGET /download_file/shadow?path_param=/etc HTTP/2
urlGET /view_file?filename=shadow&path_param=/etc HTTP/2
path../../etc
commandarchiveName=/home/stefan/test/test3&selectedFiles%5B%5D=shadow&pathParam=../../etc&extension=tar
  • Detect directory traversal attempts in the `pathParam` or `path_param` POST/GET parameters targeting endpoints /compress_files, /copy_item, /download_file, and /view_file on OpenPanel (port 2083). Look for sequences such as `../../` or absolute paths like `/etc` in these parameters.
  • Monitor POST requests to /compress_files with a `pathParam` value containing `..` traversal sequences, which indicates an attempt to compress files outside the user's home directory.
  • Monitor GET requests to /download_file/* and /view_file with `path_param` set to sensitive system paths (e.g., /etc) to detect attempts to read sensitive files such as /etc/shadow.
  • Monitor POST requests to /copy_item with `path_param=/etc` or other absolute paths outside the user's home directory, indicating an attempt to copy sensitive system files.
  • Flag requests to OpenPanel File Manager endpoints (port 2083) where the filename parameter is set to `shadow`, `passwd`, or other sensitive system filenames in combination with path traversal indicators.
  • ·The exploit was tested against the live demo instance at demo.openpanel.org:2083. The session cookie value in the PoC is specific to that demo environment and should not be treated as a universal indicator; attackers will use their own valid session tokens.
  • ·The vulnerability affects OpenPanel versions v0.2.1 through v0.3.4. Detection rules should be scoped to these versions or applied broadly until patched.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.