CVE-2024-53537

CRITICAL

openpanel 0.2.1-0.3.4 - Path Traversal in File Manager File Actions

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-53537. PoCs published by Korn Chaisuwan_ Charanin Thongudom_ Pongtorn Angsuchotmetee.

AI-analyzed exploit summary This exploit demonstrates a directory traversal vulnerability in OpenPanel 0.3.4, allowing unauthorized access to files outside the intended directory via manipulated path parameters in multiple API endpoints.

Description

An issue in OpenPanel v0.3.4 to v0.2.1 allows attackers to execute a directory traversal in File Actions of File Manager.

Exploits (1)

exploitdb WORKING POC

by Korn Chaisuwan_ Charanin Thongudom_ Pongtorn Angsuchotmetee · textwebappsmultiple

https://www.exploit-db.com/exploits/52195

View Code ZIP pw:eip

This exploit demonstrates a directory traversal vulnerability in OpenPanel 0.3.4, allowing unauthorized access to files outside the intended directory via manipulated path parameters in multiple API endpoints.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: OpenPanel 0.3.4

Auth required

Prerequisites: Valid session cookie · Access to vulnerable endpoints

MITRE ATT&CK

T1006 - Direct Volume Access T1083 - File and Directory Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Broken Link

https://openpanel.com/docs/changelog/0.3.5/#%EF%B8%8F-security-fixes

Third Party Advisory

https://packetstorm.news/files/id/188913/

Scores

CVSS v3 9.1

EPSS 0.0581

EPSS Percentile 90.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-22

Status published

Products (1)

openpanel/openpanel 0.2.1 - 0.3.4

Published Jan 31, 2025

Tracked Since Feb 18, 2026