| Title | KodExplorer KodExplorer <=4.51.03 Auth bypass && file extract unrestricted to RCE |
|---|
| Description | Kodexplorer has an api endpoint auth bypass vuln, which allow ebil user to bypass api endpoint auth to access api endpoint, and builtin plugin zipView has an unrestricted file extract vuln, evil user may invoke it to extract remote zip file and create php webshell file in the target. |
|---|
| Source | ⚠️ https://note.zhaoj.in/share/D44UjzoFXYfi |
|---|
| User | glzjin (UID 59815) |
|---|
| Submission | 12/11/2023 11:06 (2 years ago) |
|---|
| Moderation | 12/15/2023 17:38 (4 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 248219 [kalcaddle KodExplorer up to 4.51.03 ZIP Archive plugins/zipView/app.php unzipList code injection] |
|---|
| Points | 17 |
|---|