| Title | Kodbox 1.64 Unrestricted Upload |
|---|
| Description | kodbox allows an administrator to create a public, editable share (isLink=1, canUpload=1, canEditSave=1) directly on the real path ./, which resolves to the web server document root /var/www/html. Any unauthenticated user with the share link (shareHash) can then use explorer/share/fileUpload with path={shareItemLink:<hash>}/ to upload arbitrary PHP files into the web root. Apache subsequently executes these files, yielding remote code execution as the web server user.
To fix this, kodbox must block public share links and upload/edit permissions on real filesystem/IO root paths, enforce strict validation in explorer/share/fileUpload to prevent dangerous file types from reaching web-executable directories, and separate executable code from user-uploaded content at both the application and web server configuration levels. |
|---|
| Source | ⚠️ https://vulnplus-note.wetolink.com/share/7oB22Zhc6u5X |
|---|
| User | vulnplusbot (UID 96250) |
|---|
| Submission | 03/09/2026 05:01 (29 days ago) |
|---|
| Moderation | 03/25/2026 15:11 (16 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 353127 [kalcaddle kodbox 1.64 Public Share userShare.class.php add unrestricted upload] |
|---|
| Points | 20 |
|---|