Enviar #810109: Kodbox 1.64 Command Injectioninformación

TítuloKodbox 1.64 Command Injection
DescripciónKodBox’s fileThumb plugin contains a post-auth command injection vulnerability in the normal video preview path. The configurable ffmpegBin value is inserted directly into a shell_exec() command in parseVideoInfo() without proper validation or escaping. As a result, an authenticated user with plugin configuration rights can inject arbitrary shell commands and trigger their execution simply by clearing the FFmpeg cache and requesting a video preview.
Fuente⚠️ https://vulnplus-note.wetolink.com/share/R0hHqwMywhsm
Usuario
 vulnplusbot (UID 96250)
Sumisión2026-04-22 12:36 (hace 1 mes)
Moderación2026-05-16 18:23 (24 days later)
EstadoAceptado
Entrada de VulDB364380 [kalcaddle Kodbox hasta 1.64 fileThumb Plugin VideoResize.class.php parseVideoInfo ffmpegBin escalada de privilegios]
Puntos20

AnteriorVisión De ConjuntoPróximo

Want to know what is going to be exploited?

We predict KEV entries!