Count: 2
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2023-39964: 1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, arbitrary file reads allow an attacker to read arbitrary important configuration files on the server. In the `api/v1/file.go` file, there is a function called `LoadFromFile`, which directly reads the file by obtaining the requested path `parameter[path]`. The request parameters are not filtered, resulting in a background arbitrary file reading vulnerability. Version 1.5.0 has a patch for this issue. | CVSS3: 7.5 | 0% Low | more than 2 years ago |
| GHSA-pv7q-v9mv-9mh5: 1Panel O&M management panel has a background arbitrary file reading vulnerability | CVSS3: 7.5 | 0% Low | more than 2 years ago |