Submission #250188: KodExplorer KodExplorer <=4.51.03 Auth bypass && file upload unrestricted to RCE (Info)

Title: KodExplorer KodExplorer <=4.51.03 Auth bypass && file upload unrestricted to RCE
Description: Kodexplorer has an auth bypass vuln, which allows an evil user to bypass api endpoint auth to access normal user api endpoints. And after that we found an unrestricted file upload api endpoint in plugin yzOffice, and uploaded a php webshell to RCE.
Source: ⚠️ https://note.zhaoj.in/share/L38RNzUOwOtN
User: glzjin (UID 59815)
Submitted: 2023-12-11 04:23 (2 years ago)
Moderation: 2023-12-15 17:38 (5 days later)
Status: Accepted
VulDB entry: 248218 [kalcaddle KodExplorer up to 4.51.03 API Endpoint getFile path/file privilege escalation]
Points: 16
