Submit #250188: KodExplorer KodExplorer <=4.51.03 Auth bypass && file upload unrestricted to RCE

Title: KodExplorer KodExplorer <=4.51.03 Auth bypass && file upload unrestricted to RCE
Description: KodExplorer has an auth bypass vuln, which allows an evil user to bypass API endpoint auth to access normal user API endpoints. After that, we found an unrestricted file upload API endpoint in the yzOffice plugin, and uploaded a PHP webshell to get RCE.
Source: ⚠️ https://note.zhaoj.in/share/L38RNzUOwOtN
User: glzjin (UID 59815)
Submission: 2023-12-11 04:23 (2 years ago)
Moderation: 2023-12-15 17:38 (5 days later)
Status: Accepted
VulDB Entry: 248218 [kalcaddle KodExplorer up to 4.51.03 API Endpoint getFile path/file privilege escalation]
Points: 16
