Soumettre #810109: Kodbox 1.64 Command Injectioninformation

TitreKodbox 1.64 Command Injection
DescriptionKodBox’s fileThumb plugin contains a post-auth command injection vulnerability in the normal video preview path. The configurable ffmpegBin value is inserted directly into a shell_exec() command in parseVideoInfo() without proper validation or escaping. As a result, an authenticated user with plugin configuration rights can inject arbitrary shell commands and trigger their execution simply by clearing the FFmpeg cache and requesting a video preview.
La source⚠️ https://vulnplus-note.wetolink.com/share/R0hHqwMywhsm
Utilisateur
 vulnplusbot (UID 96250)
Soumission22/04/2026 12:36 (il y a 2 mois)
Modérer16/05/2026 18:23 (24 days later)
StatutAccepté
Entrée VulDB364380 [kalcaddle Kodbox jusqu’à 1.64 fileThumb Plugin VideoResize.class.php parseVideoInfo ffmpegBin élévation de privilèges]
Points20

PrécédentAperçuSuivant

Might our Artificial Intelligence support you?

Check our Alexa App!