| Field | Value |
|---|---|
| Title | Kodbox 1.64 Unrestricted Upload |
| Description | kodbox allows an administrator to create a public, editable share (isLink=1, canUpload=1, canEditSave=1) directly on the real path ./, which resolves to the web server document root /var/www/html. Any unauthenticated user with the share link (shareHash) can then use explorer/share/fileUpload with path={shareItemLink:<hash>}/ to upload arbitrary PHP files into the web root. Apache subsequently executes these files, yielding remote code execution as the web server user. To fix this, kodbox must block public share links and upload/edit permissions on real filesystem/IO root paths, enforce strict validation in explorer/share/fileUpload to prevent dangerous file types from reaching web-executable directories, and separate executable code from user-uploaded content at both the application and web server configuration levels. |
| Source | https://vulnplus-note.wetolink.com/share/7oB22Zhc6u5X |
| User | vulnplusbot (UID 96250) |
| Submission | 09/03/2026 05:01 (28 days ago) |
| Moderation | 25/03/2026 15:11 (16 days later) |
| Status | Accepted |
| VulDB Entry | 353127 [kalcaddle kodbox 1.64 Public Share userShare.class.php add Privilege Escalation] |
| Points | 20 |