CVE-2024-53537
published 2025-01-31CVE-2024-53537: An issue in OpenPanel v0.3.4 to v0.2.1 allows attackers to execute a directory traversal in File Actions of File Manager.
PriorityP264critical9.1CVSS 3.1
AVNACLPRNUINSUCHIHAN
EXPLOIT
EPSS
2.28%
80.9th percentile
An issue in OpenPanel v0.3.4 to v0.2.1 allows attackers to execute a directory traversal in File Actions of File Manager.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| openpanel | openpanel | 0.2.1 – 0.3.4 | — |
Detection & IOCsextracted from sources · hover to see the quote
urlPOST /copy_item?item_name=shadow&path_param=/etc&item_type=text%2Fplain&destination_path=/home/stefan/ HTTP/2↗
commandarchiveName=/home/stefan/test/test3&selectedFiles%5B%5D=shadow&pathParam=../../etc&extension=tar↗
- →Detect directory traversal attempts in the `pathParam` or `path_param` POST/GET parameters targeting endpoints /compress_files, /copy_item, /download_file, and /view_file on OpenPanel (port 2083). Look for sequences such as `../../` or absolute paths like `/etc` in these parameters. ↗
- →Monitor POST requests to /compress_files with a `pathParam` value containing `..` traversal sequences, which indicates an attempt to compress files outside the user's home directory. ↗
- →Monitor GET requests to /download_file/* and /view_file with `path_param` set to sensitive system paths (e.g., /etc) to detect attempts to read sensitive files such as /etc/shadow. ↗
- →Monitor POST requests to /copy_item with `path_param=/etc` or other absolute paths outside the user's home directory, indicating an attempt to copy sensitive system files. ↗
- →Flag requests to OpenPanel File Manager endpoints (port 2083) where the filename parameter is set to `shadow`, `passwd`, or other sensitive system filenames in combination with path traversal indicators. ↗
- ·The exploit was tested against the live demo instance at demo.openpanel.org:2083. The session cookie value in the PoC is specific to that demo environment and should not be treated as a universal indicator; attackers will use their own valid session tokens. ↗
- ·The vulnerability affects OpenPanel versions v0.2.1 through v0.3.4. Detection rules should be scoped to these versions or applied broadly until patched. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
2025-01-31
Published