{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T02:52:23.912","vulnerabilities":[{"cve":{"id":"CVE-2025-66292","sourceIdentifier":"security-advisories@github.com","published":"2026-01-15T17:16:04.570","lastModified":"2026-03-12T18:07:07.010","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"DPanel is an open source server management panel written in Go. Prior to 1.9.2, DPanel has an arbitrary file deletion vulnerability in the /api/common/attach/delete interface. Authenticated users can delete arbitrary files on the server via path traversal. When a user logs into the administrative backend, this interface can be used to delete files. The vulnerability lies in the Delete function within the app/common/http/controller/attach.go file. The path parameter submitted by the user is directly passed to storage.Local{}.GetSaveRealPath and subsequently to os.Remove without proper sanitization or checking for path traversal characters (../). And the helper function in common/service/storage/local.go uses filepath.Join, which resolves ../ but does not enforce a chroot/jail. This vulnerability is fixed in 1.9.2."},{"lang":"es","value":"DPanel es un panel de gestión de servidor de código abierto escrito en Go. Anterior a 1.9.2, DPanel tiene una vulnerabilidad de eliminación arbitraria de archivos en la interfaz /api/common/attach/delete. Los usuarios autenticados pueden eliminar archivos arbitrarios en el servidor mediante salto de ruta. Cuando un usuario inicia sesión en el backend administrativo, esta interfaz puede usarse para eliminar archivos. La vulnerabilidad reside en la función Delete dentro del archivo app/common/http/controller/attach.go. El parámetro de ruta enviado por el usuario se pasa directamente a storage.Local{}.GetSaveRealPath y, posteriormente, a os.Remove sin una sanitización adecuada o sin verificar caracteres de salto de ruta (../). Y la función auxiliar en common/service/storage/local.go utiliza filepath.Join, que resuelve ../ pero no impone un chroot/jail. Esta vulnerabilidad está corregida en 1.9.2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-73"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dpanel:dpanel:*:*:*:*:*:go:*:*","versionEndExcluding":"1.9.2","matchCriteriaId":"2B472AD9-9206-4EA4-A7BE-3FFA42B28FE9"}]}]}],"references":[{"url":"https://github.com/donknap/dpanel/commit/cbda0d90204e8212f2010774345c952e42069119","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/donknap/dpanel/releases/tag/v1.9.2","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/donknap/dpanel/security/advisories/GHSA-vh2x-fw87-4fxq","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}