PT-2022-27771 · Unknown · Kodexplorer
Du1Ge
·
Published
2022-12-06
·
Updated
2022-12-08
·
CVE-2022-46154
CVSS v3.1
8.6
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Kodexplorer versions prior to 4.50
Description
Kodexplorer is a Chinese language web-based file manager and browser-based code editor. The issue allows unauthenticated users to request arbitrary files from the host OS file system, making any files available to the host process accessible by arbitrary users.
Recommendations
For versions prior to 4.50, upgrade to version 4.50 to address the issue. There are no known workarounds for this issue.
Exploit
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Kodexplorer