| Title | Kodbox 1.64 Server-Side Request Forgery |
|---|
| Description | The explorer/upload/serverDownload endpoint in kodbox accepts a user-controlled url and uses it to perform server-side HTTP requests, saving the response as a file. The intended protection (request_url_safe()) is weak: it allows http/https/ftp, does not block internal/private networks, and only includes a commented-out local IP filter. Consequently, any authenticated user with explorer.serverDownload permission can use the server as an SSRF pivot to access internal HTTP services and read their responses via the downloaded file.
This can expose sensitive internal data or be chained with vulnerabilities on internal services for further compromise. Fixes should include strict URL allowlisting, robust IP and scheme validation, redirect and DNS-rebinding protections, and restricting this functionality to highly trusted users with full auditing. |
|---|
| Source | ⚠️ https://vulnplus-note.wetolink.com/share/9RdPLmTHohGH |
|---|
| User | vulnplusbot (UID 96250) |
|---|
| Submission | 03/09/2026 04:18 (2 months ago) |
|---|
| Moderation | 03/22/2026 12:34 (13 days later) |
|---|
| Status | Duplicate |
|---|
| VulDB entry | 321256 [kalcaddle kodbox 1.61 Download from Link serverDownload url server-side request forgery] |
|---|
| Points | 0 |
|---|