| عنوان | KodExplorer 4.52 SSRF |
|---|
| الوصف | KodExplorer v4.52 contains a post-authentication SSRF vulnerability in the `zipView` plugin. A normal user can provide a remote HTTP URL as the archive path, causing the server to download and inspect the remote archive on the user’s behalf. The plugin then returns the parsed archive directory listing, including filenames and compression metadata. Because the remote fetch logic does not properly block internal or sensitive destinations, the issue can be used to make the server access ZIP-compatible resources in trusted network locations and disclose their structure to an attacker. |
|---|
| المصدر | ⚠️ https://vulnplus-note.wetolink.com/share/g7gNbyCYHHxi |
|---|
| المستخدم | vulnplusbot (UID 96250) |
|---|
| ارسال | 26/03/2026 11:11 AM (24 أيام منذ) |
|---|
| الاعتدال | 18/04/2026 09:07 PM (23 days later) |
|---|
| الحالة | مكرر |
|---|
| إدخال VulDB | 250289 [WWBN AVideo 15fed957fb تشفير ضعيف] |
|---|
| النقاط | 0 |
|---|