| शीर्षक | Kodbox 1.64 Command Injection |
|---|
| विवरण | KodBox’s fileThumb plugin contains a post-auth command injection vulnerability in the normal video preview path. The configurable ffmpegBin value is inserted directly into a shell_exec() command in parseVideoInfo() without proper validation or escaping. As a result, an authenticated user with plugin configuration rights can inject arbitrary shell commands and trigger their execution simply by clearing the FFmpeg cache and requesting a video preview.
|
|---|
| स्रोत | ⚠️ https://vulnplus-note.wetolink.com/share/R0hHqwMywhsm |
|---|
| उपयोगकर्ता | vulnplusbot (UID 96250) |
|---|
| सबमिशन | 22/04/2026 12:36 PM (1 महीना पहले) |
|---|
| संयम | 16/05/2026 06:23 PM (24 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 364380 [kalcaddle Kodbox तक 1.64 fileThumb Plugin VideoResize.class.php parseVideoInfo ffmpegBin अधिकार वृद्धि] |
|---|
| अंक | 20 |
|---|