cbcvebase.
CVE-2024-53582
published 2025-01-31

Priority P3 (57) · Severity: high · CVSS 3.1 base score: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 3.15% (86.3rd percentile)
An issue found in the Copy and View functions in the File Manager component of OpenPanel v0.3.4 allows attackers to execute a directory traversal via a crafted HTTP request.

Affected (1 range)

Vendor      Product     Version range   Fixed in
openpanel   openpanel   (not given)     (not given)

Detection & IOCs (extracted from sources)

url:  GET /view_file?filename=shadow&path_param=/etc HTTP/2
url:  GET /files/../.. HTTP/2
port: 2083
path: /view_file
path: /files/../..
  • Detect directory traversal attempts targeting the OpenPanel File Manager via the /view_file endpoint with path_param values containing absolute paths outside the web root (e.g., /etc).
  • Detect path traversal sequences (/../) in requests to the /files/ endpoint on OpenPanel port 2083, indicative of directory traversal exploitation.
  • Monitor for requests to /view_file with filename=shadow, which indicates an attempt to read /etc/shadow via the directory traversal vulnerability.
  • Flag HTTP requests to OpenPanel (port 2083) that include the X-Requested-With: XMLHttpRequest header combined with path traversal sequences in the URL path.
  • Requests originating with Referer: https://demo.openpanel.org:2083/files/ combined with traversal patterns in the request path are characteristic of this exploit chain.
  • The exploit was tested against OpenPanel v0.3.4 specifically; other versions may or may not be vulnerable. Scope detection rules accordingly.
  • The exploit was demonstrated against a live demo host (demo.openpanel.org:2083); production deployments may use different hostnames or ports, so detection should not be host-specific.
  • Two exploit vectors exist for CVE-2024-53582 in the File Manager component: the View function (/view_file endpoint) and the Copy function. A separate Incorrect Access Control path traversal via /files/ is also documented. Detection rules should cover all of these surfaces, not only /view_file.