Darkfive2022

**Name of the Vulnerable Software and Affected Versions** 1Panel version 1.4.3 **Description** 1Panel is an open source Linux server operation and maintenance management panel. In the `api/v1/file.go` file, there is a function called `LoadFromFile`, which directly reads the file by obtaining the requested path `parameter[path]`. The request parameters are not filtered, resulting in a background arbitrary file reading vulnerability. This allows an attacker to read arbitrary important configuration files on the server. **Recommendations** For version 1.4.3, update to version 1.5.0 to resolve the issue. As a temporary workaround, consider disabling the `LoadFromFile` function in the `api/v1/file.go` file until a patch is available. Restrict access to the `/api/v1/files/loadfile` endpoint to minimize the risk of exploitation. Avoid using the `parameter[path]` in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** 1Panel versions 1.4.3 **Description** An arbitrary file write vulnerability could lead to direct control of the server. In the `api/v1/file.go` file, there is a function called `SaveContentthat,It` that receives JSON data sent by users in the form of a POST request. The lack of parameter filtering allows for arbitrary file write operations. This issue can be exploited by writing the SSH public key into the `/etc/.root/authorized keys` configuration file on the server, allowing for direct control of the server. **Recommendations** For version 1.4.3, update to version 1.5.0 to resolve the issue. As a temporary workaround, consider restricting access to the `api/v1/file.go` file or disabling the `SaveContentthat,It` function until a patch is applied. Avoid using the vulnerable API endpoint until the issue is resolved.