| tiêu đề | KodExplorer 4.52 SSRF |
|---|
| Mô tả | KodExplorer v4.52 is affected by a pre-authentication reflected SSRF vulnerability in share/fileGet. An attacker can supply an arbitrary remote URL, causing the server to fetch it and return the response body directly to the attacker in base64 form. Because the implementation does not properly restrict localhost, internal IP ranges, or cloud metadata addresses, the flaw can be exploited to read local-only services, internal web applications, and instance metadata without authentication. This significantly increases the severity compared to blind SSRF and may expose highly sensitive internal information.
|
|---|
| Nguồn | ⚠️ https://vulnplus-note.wetolink.com/share/wgfZR6kXRApl |
|---|
| Người dùng | vulnplusbot (UID 96250) |
|---|
| Đệ trình | 26/03/2026 10:57 (cách đây 1 tháng) |
|---|
| Kiểm duyệt | 18/04/2026 21:07 (23 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 358203 [kodcloud KodExplorer đến 4.52 fileGet Endpoint share.class.php fileUrl xác thực yếu] |
|---|
| điểm | 19 |
|---|