7.5

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-39964

CVE-2023-39964: 1Panel O&M management panel has a background arbitrary file reading vulnerability

Summary

Arbitrary file reads allow an attacker to read arbitrary important configuration files on the server.

Details

In the api/v1/file.go file, there is a function called LoadFromFile, which directly reads the file by obtaining the requested path parameter[path]. The request parameters are not filtered, resulting in a background arbitrary file reading vulnerability

PoC

Request /api/v1/files/loadfile, carry /etc/passwd data to read, as shown below: 微信图片_20230731112833

Impact

1Panel v1.4.3

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2023-39964

CVE-2023-39964:

7.5

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
github.com/1Panel-dev/1Panel	go	= 1.4.3	1.5.0

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability description explicitly identifies LoadFromFile in api/v1/file.go as the vulnerable function that reads files using unfiltered path parameters. Multiple sources (GitHub Advisory, NVD, and PoC) consistently point to this function's lack of input validation as the root cause. The CWE-22 classification confirms this is a path traversal vulnerability. The function's direct use of user-controlled [path] parameter matches the described attack pattern of reading /etc/passwd through crafted requests to api/v1/files/loadfile endpoint.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

7.5

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2023-39964: 1Panel O&M management panel has a background arbitrary file reading vulnerability

Summary

Details

PoC

Impact

CVE-2023-39964:

7.5

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Technical Details

CVE-2023-39964: 1Panel O&M management panel has a background arbitrary file reading vulnerability

Summary

Details

PoC

Impact

Basic Information

Basic Information

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

7.5

7.5

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI