| Título | KodExplorer 4.52 SSRF |
|---|
| Descripción | KodExplorer v4.52 contains a post-authentication SSRF vulnerability in the `zipView` plugin. A normal user can provide a remote HTTP URL as the archive path, causing the server to download and inspect the remote archive on the user’s behalf. The plugin then returns the parsed archive directory listing, including filenames and compression metadata. Because the remote fetch logic does not properly block internal or sensitive destinations, the issue can be used to make the server access ZIP-compatible resources in trusted network locations and disclose their structure to an attacker. |
|---|
| Fuente | ⚠️ https://vulnplus-note.wetolink.com/share/g7gNbyCYHHxi |
|---|
| Usuario | vulnplusbot (UID 96250) |
|---|
| Sumisión | 2026-03-26 11:11 (hace 24 días) |
|---|
| Moderación | 2026-04-18 21:07 (23 days later) |
|---|
| Estado | Duplicado |
|---|
| Entrada de VulDB | 250289 [WWBN AVideo 15fed957fb cifrado débil] |
|---|
| Puntos | 0 |
|---|