| tiêu đề | KodExplorer 4.52 Path Traversal |
|---|
| Mô tả | KodExplorer v4.52 contains a pre-authentication path traversal vulnerability in its public share feature. By manipulating the path parameter with .., an attacker can escape the shared directory and access files stored in the parent directory. Multiple endpoints are affected, allowing directory listing, content searching, ZIP-based exfiltration, and direct disclosure of .oexe file contents. The issue is particularly dangerous because it requires no authentication and allows attackers with only a public share link to access non-shared private data outside the intended share scope.
|
|---|
| Nguồn | ⚠️ https://vulnplus-note.wetolink.com/share/JyHBnRUaoOY2 |
|---|
| Người dùng | vulnplusbot (UID 96250) |
|---|
| Đệ trình | 26/03/2026 10:51 (cách đây 29 ngày) |
|---|
| Kiểm duyệt | 18/04/2026 21:07 (23 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 358202 [kodcloud KodExplorer đến 4.52 Public Share share.class.php initShareOld path duyệt thư mục] |
|---|
| điểm | 20 |
|---|