kalcaddle KodExplorer ZIP Archive app.php unzipList code injection
CVE-2023-6851

9.8CRITICAL

Key Information:

Vendor

kalcaddle

Status
KodExplorer
Vendor
CVE Published:
16 December 2023

What is CVE-2023-6851?

A vulnerability in the KodExplorer application, specifically within the ZIP Archive Handler function 'unzipList' located in plugins/zipView/app.php, allows for remote code injection. This flaw can be exploited by attackers to execute malicious code remotely, posing a serious risk to systems using affected versions. Users are advised to update to version 4.52.01 or later, which includes a necessary security patch to remediate this issue. The vulnerability highlights the importance of regular updates and security practices in safeguarding applications.

Affected Version(s)

KodExplorer 4.51.03

References

https://vuldb.com/?id.248219
vdb-entrytechnical-description
https://vuldb.com/?ctiid.248219
signaturepermissions-required
https://note.zhaoj.in/share/D44UjzoFXYfi
broken-linkexploit

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

glzjin (VulDB User)
JSON
.