Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
1Panel O&M management panel has a background arbitrary file reading vulnerability
Vulnerability Description
1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, arbitrary file reads allow an attacker to read arbitrary important configuration files on the server. In the `api/v1/file.go` file, there is a function called `LoadFromFile`, which directly reads the file by obtaining the requested path `parameter[path]`. The request parameters are not filtered, resulting in a background arbitrary file reading vulnerability. Version 1.5.0 has a patch for this issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
1Panel 路径遍历漏洞
Vulnerability Description
1Panel是中国1panel社区的一个开源的Linux服务器运维管理面板。 1Panel 1.4.3版本存在路径遍历漏洞。攻击者利用该漏洞可以读取服务器上任意重要的配置文件。
CVSS Information
N/A
Vulnerability Type
N/A