Cyber Posture

CVE-2024-53582

High · Public PoC

Published: 31 January 2025
Modified: 23 May 2025
KEV Added
Patch
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0676 (91.3rd percentile)
Risk Priority: 19 (60% EPSS · 20% KEV · 20% CVSS)

Description

An issue found in the Copy and View functions in the File Manager component of OpenPanel v0.3.4 allows attackers to execute a directory traversal via a crafted HTTP request.

Security Summary

CVE-2024-53582 is a directory traversal vulnerability (CWE-22) in the Copy and View functions of the File Manager component in OpenPanel version 0.3.4. The flaw allows attackers to traverse directories and access files they are not authorized to access through a crafted HTTP request. It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), a high severity rating driven by its high confidentiality impact.

Remote attackers require no authentication or privileges to exploit this vulnerability over the network, with low attack complexity and no user interaction needed. Exploitation enables reading of sensitive files outside the intended scope, potentially exposing configuration data, user files, or other confidential information on the affected system.

The OpenPanel changelog for version 0.3.5 includes security fixes that address this issue. Further technical details are documented on PacketStorm.

Details

CWE(s)
CWE-22

Affected Products

openpanel
openpanel
0.3.4

References