| Titel | Kodbox 1.64 Command Injection |
|---|
| Beschreibung | The fileThumb plugin in kodbox reads the ffmpegBin and imagickBin configuration values and passes them directly into shell_exec($bin . ' --help') without escaping or whitelisting. An authenticated administrator can set these values to include shell metacharacters (e.g., ffmpeg; <command>;#) via admin/plugin/setConfig, then trigger plugin/fileThumb/check to execute arbitrary system commands on the server.
This results in a post-auth remote command execution vulnerability: once an attacker gains administrative configuration rights, they can run arbitrary commands under the web server’s privileges. Mitigation requires removing unsafe shell concatenation, strictly whitelisting allowed binaries and paths, using non-shell process execution APIs with validated arguments, and tightening configuration permissions and auditing. |
|---|
| Quelle | ⚠️ https://vulnplus-note.wetolink.com/share/3ml5XA0firIa |
|---|
| Benutzer | vulnplusbot (UID 96250) |
|---|
| Einreichung | 09.03.2026 04:31 (vor 1 Monat) |
|---|
| Moderieren | 22.03.2026 12:40 (13 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 352427 [kalcaddle kodbox 1.64 fileThumb Endpoint app.php checkBin erweiterte Rechte] |
|---|
| Punkte | 20 |
|---|