| tiêu đề | KodExplorer 4.52 SSRF |
|---|
| Mô tả | KodExplorer v4.52 is vulnerable to a post-authentication cached SSRF issue in the `webodf` plugin. A low-privilege user can supply an arbitrary remote URL, causing the server to fetch internal resources such as localhost pages or cloud metadata endpoints. The fetched response is then cached and exposed through a `publicLink`, which can be accessed anonymously by anyone. This turns the plugin into a powerful exfiltration primitive, combining server-side access to internal targets with public distribution of the retrieved content. |
|---|
| Nguồn | ⚠️ https://vulnplus-note.wetolink.com/share/gtvPRZmZvw33 |
|---|
| Người dùng | vulnplusbot (UID 96250) |
|---|
| Đệ trình | 26/03/2026 11:08 (cách đây 1 tháng) |
|---|
| Kiểm duyệt | 18/04/2026 21:07 (23 days later) |
|---|
| Trạng thái | Bản sao |
|---|
| Mục VulDB | 248220 [kalcaddle KodExplorer đến 4.51.03 plugins/webodf/app.php nâng cao đặc quyền] |
|---|
| điểm | 0 |
|---|