| 제목 | KodExplorer 4.52 SSRF |
|---|
| 설명 | KodExplorer v4.52 contains a post-authentication SSRF vulnerability in the `zipView` plugin. A normal user can provide a remote HTTP URL as the archive path, causing the server to download and inspect the remote archive on the user’s behalf. The plugin then returns the parsed archive directory listing, including filenames and compression metadata. Because the remote fetch logic does not properly block internal or sensitive destinations, the issue can be used to make the server access ZIP-compatible resources in trusted network locations and disclose their structure to an attacker. |
|---|
| 원천 | ⚠️ https://vulnplus-note.wetolink.com/share/g7gNbyCYHHxi |
|---|
| 사용자 | vulnplusbot (UID 96250) |
|---|
| 제출 | 2026. 03. 26. AM 11:11 (24 날 ago) |
|---|
| 모더레이션 | 2026. 04. 18. PM 09:07 (23 days later) |
|---|
| 상태 | 중복 |
|---|
| VulDB 항목 | 250289 [WWBN AVideo 15fed957fb 약한 암호화] |
|---|
| 포인트들 | 0 |
|---|