| Title | KodExplorer KodExplorer <=4.51.03 Auth bypass && file upload unrestricted to RCE |
|---|---|
| Description | KodExplorer has an auth bypass vuln, which allows an evil user to bypass API endpoint auth to access normal user API endpoints. After that, we found an unrestricted file upload API endpoint in the yzOffice plugin, and uploaded a PHP webshell to achieve RCE. |
| Source | ⚠️ https://note.zhaoj.in/share/L38RNzUOwOtN |
| User | glzjin (UID 59815) |
| Submission | 11/12/2023 04:23 AM (2 years ago) |
| Moderation | 15/12/2023 05:38 PM (5 days later) |
| Status | Accepted |
| VulDB Entry | 248218 [kalcaddle KodExplorer up to 4.51.03 API Endpoint getFile path/file privilege escalation] |
| Points | 16 |