CVE-2023-36630: 
CloudPanel vulnerability analysis and mitigation

CVE-2023-36630 affects CloudPanel versions before 2.3.1, where an insecure file upload vulnerability leads to privilege escalation and authentication bypass. The vulnerability was discovered on June 7, 2023, privately disclosed to the vendor on June 8, and subsequently patched with the release of version 2.3.1 on June 20, 2023. The vulnerability received a CVSS v3.1 base score of 8.8 (HIGH) (NVD).

The vulnerability exists in the File Manager feature where a normal 'User' can exploit a path traversal vulnerability during file upload. By manipulating the 'uploadfullpath' value in the upload request with '../../../../' prefixes, an attacker can traverse the file path and upload files with 'root' privileges. Since the application requires SSH service, an attacker can exploit this to upload their own SSH keys by creating or overwriting '../../../../../../root/.ssh/authorizedkeys' (POC Dump).

The vulnerability allows an attacker with basic user privileges to achieve unauthorized root access to the server through SSH key manipulation. This effectively bypasses authentication controls and grants the highest level of system privileges (POC Dump).

The vulnerability has been fixed in CloudPanel version 2.3.1. Users are strongly advised to upgrade to this version or later to address the security issue. The fix ensures proper access control enforcement when uploading files to the server (CloudPanel Changelog).