| Title | KodExplorer KodExplorer ≤ 4.51.03 Auth bypass, unrestricted file read, RCE |
|---|---|
| Description | KodExplorer has an API endpoint auth bypass vuln, which allows an evil user to access the API endpoint directly. Then the built-in plugin webodf has an unrestricted file read vuln, which may allow an evil user to read any file on the server, which will lead to RCE. |
| Source | https://note.zhaoj.in/share/P6lQNyqQn3zY |
| User | glzjin (UID 59815) |
| Submission | 11.12.2023 17:58 (2 years ago) |
| Moderation | 15.12.2023 17:38 (4 days later) |
| Status | Accepted |
| VulDB Entry | 248220 [kalcaddle KodExplorer up to 4.51.03 plugins/webodf/app.php privilege escalation] |
| Points | 17 |