| शीर्षक | kalcaddle kodbox <=1.64.05 Command Injection |
|---|
| विवरण | Kodbox v1.64.05 contains an OS Command Injection vulnerability in the VideoResize.class.php component. The vulnerability exists in the run() method, where user-controlled file paths are concatenated directly into a shell command string for ffmpeg execution. This allows authenticated remote attackers to execute arbitrary system commands via shell metacharacters contained within a crafted filename during the video transcoding process. |
|---|
| स्रोत | ⚠️ https://gist.github.com/DReazer/d7380aca4ade9fd73b688633901367ed |
|---|
| उपयोगकर्ता | Snkn0w (UID 90071) |
|---|
| सबमिशन | 03/02/2026 07:56 AM (3 महीनों पहले) |
|---|
| संयम | 15/02/2026 08:07 PM (13 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 346167 [kalcaddle kodbox तक 1.64.05 Media File Preview Plugin VideoResize.class.php run localFile अधिकार वृद्धि] |
|---|
| अंक | 20 |
|---|