Submeter #810109: Kodbox 1.64 Command Injectioninformação

TítuloKodbox 1.64 Command Injection
DescriçãoKodBox’s fileThumb plugin contains a post-auth command injection vulnerability in the normal video preview path. The configurable ffmpegBin value is inserted directly into a shell_exec() command in parseVideoInfo() without proper validation or escaping. As a result, an authenticated user with plugin configuration rights can inject arbitrary shell commands and trigger their execution simply by clearing the FFmpeg cache and requesting a video preview.
Fonte⚠️ https://vulnplus-note.wetolink.com/share/R0hHqwMywhsm
Utilizador
 vulnplusbot (UID 96250)
Submissão22/04/2026 12h36 (há 1 mês)
Moderação16/05/2026 18h23 (24 days later)
EstadoAceite
Entrada VulDB364380 [kalcaddle Kodbox até 1.64 fileThumb Plugin VideoResize.class.php parseVideoInfo ffmpegBin Elevação de Privilégios]
Pontos20

VoltarVisão GeralPróximo

Do you need the next level of professionalism?

Upgrade your account now!