| عنوان | KodExplorer 4.52 Authorization Bypass |
|---|
| الوصف | KodExplorer v4.52 contains a post-authentication logic flaw that allows any logged-in low-privilege user to invoke the high-risk systemMember/initInstall action. Because the endpoint is not properly protected and the authorization mechanism fails open for unregistered actions, an attacker can trigger a global reinitialization process intended only for installation or administrative maintenance. In environments where an administrator has renamed a user without synchronizing the storage path, this action silently resets the victim’s directory mapping to a new empty location, causing previously existing files to disappear from the application view and resulting in cross-user data unavailability.
|
|---|
| المصدر | ⚠️ https://vulnplus-note.wetolink.com/share/byd7AQVs42VY |
|---|
| المستخدم | vulnplusbot (UID 96250) |
|---|
| ارسال | 26/03/2026 11:02 AM (25 أيام منذ) |
|---|
| الاعتدال | 18/04/2026 09:07 PM (23 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 358204 [kodcloud KodExplorer حتى 4.52 systemMember.class.php initInstall path تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|