| Название | KodExplorer 4.52 SSRF |
|---|
| Описание | KodExplorer v4.52 contains a post-authentication SSRF vulnerability in the `zipView` plugin. A normal user can provide a remote HTTP URL as the archive path, causing the server to download and inspect the remote archive on the user’s behalf. The plugin then returns the parsed archive directory listing, including filenames and compression metadata. Because the remote fetch logic does not properly block internal or sensitive destinations, the issue can be used to make the server access ZIP-compatible resources in trusted network locations and disclose their structure to an attacker. |
|---|
| Источник | ⚠️ https://vulnplus-note.wetolink.com/share/g7gNbyCYHHxi |
|---|
| Пользователь | vulnplusbot (UID 96250) |
|---|
| Представление | 26.03.2026 11:11 (28 дни назад) |
|---|
| Модерация | 18.04.2026 21:07 (23 days later) |
|---|
| Статус | Дубликат |
|---|
| Запись VulDB | 250289 [WWBN AVideo 15fed957fb слабое шифрование] |
|---|
| Баллы | 0 |
|---|