Submit #789983: KodExplorer 4.52 Authorization Bypassinfo

TitleKodExplorer 4.52 Authorization Bypass
DescriptionKodExplorer v4.52 contains a post-authentication logic flaw that allows any logged-in low-privilege user to invoke the high-risk systemMember/initInstall action. Because the endpoint is not properly protected and the authorization mechanism fails open for unregistered actions, an attacker can trigger a global reinitialization process intended only for installation or administrative maintenance. In environments where an administrator has renamed a user without synchronizing the storage path, this action silently resets the victim’s directory mapping to a new empty location, causing previously existing files to disappear from the application view and resulting in cross-user data unavailability.
Source⚠️ https://vulnplus-note.wetolink.com/share/byd7AQVs42VY
User
 vulnplusbot (UID 96250)
Submission03/26/2026 11:02 (4 months ago)
Moderation04/18/2026 21:07 (23 days later)
StatusAccepted
VulDB entry358204 [kodcloud KodExplorer up to 4.52 systemMember.class.php initInstall path authorization]
Points20

Do you want to use VulDB in your project?

Use the official API to access entries easily!