CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-39964

1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, arbitrary file reads allow an attacker to read arbitrary important configuration files on the server. In the `api/v1/file.go` file, there is a function called `LoadFromFile`, which directly reads the file by obtaining the requested path `parameter[path]`. The request parameters are not filtered, resulting in a background arbitrary file reading vulnerability. Version 1.5.0 has a patch for this issue.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 46.4%

CVSS Severity

CVSS v3 Score 7.5

References

https://github.com/1Panel-dev/1Panel/releases/tag/v1.5.0
https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-pv7q-v9mv-9mh5
https://github.com/1Panel-dev/1Panel/releases/tag/v1.5.0
https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-pv7q-v9mv-9mh5

Products affected by CVE-2023-39964

Fit2cloud » 1panel » Version: 1.4.3

cpe:2.3:a:fit2cloud:1panel:1.4.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-39964

Products

Pricing

Contact Us