| शीर्षक | KodExplorer KodExplorer <=4.51.03 Auth bypass && file extract unrestricted to RCE |
|---|
| विवरण | Kodexplorer has an api endpoint auth bypass vuln, which allow ebil user to bypass api endpoint auth to access api endpoint, and builtin plugin zipView has an unrestricted file extract vuln, evil user may invoke it to extract remote zip file and create php webshell file in the target. |
|---|
| स्रोत | ⚠️ https://note.zhaoj.in/share/D44UjzoFXYfi |
|---|
| उपयोगकर्ता | glzjin (UID 59815) |
|---|
| सबमिशन | 11/12/2023 11:06 AM (2 साल पहले) |
|---|
| संयम | 15/12/2023 05:38 PM (4 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 248219 [kalcaddle KodExplorer तक 4.51.03 ZIP Archive plugins/zipView/app.php unzipList अधिकार वृद्धि] |
|---|
| अंक | 17 |
|---|