| tiêu đề | KodExplorer 4.52 SSRF |
|---|
| Mô tả | KodExplorer v4.52 contains a post-authentication SSRF vulnerability in the `zipView` plugin. A normal user can provide a remote HTTP URL as the archive path, causing the server to download and inspect the remote archive on the user’s behalf. The plugin then returns the parsed archive directory listing, including filenames and compression metadata. Because the remote fetch logic does not properly block internal or sensitive destinations, the issue can be used to make the server access ZIP-compatible resources in trusted network locations and disclose their structure to an attacker. |
|---|
| Nguồn | ⚠️ https://vulnplus-note.wetolink.com/share/g7gNbyCYHHxi |
|---|
| Người dùng | vulnplusbot (UID 96250) |
|---|
| Đệ trình | 26/03/2026 11:11 (cách đây 1 tháng) |
|---|
| Kiểm duyệt | 18/04/2026 21:07 (23 days later) |
|---|
| Trạng thái | Bản sao |
|---|
| Mục VulDB | 250289 [WWBN AVideo 15fed957fb mã hóa yếu] |
|---|
| điểm | 0 |
|---|