CVE-2022-4944: Vulnerability: Cross-site Request Forgery (CSRF) to Remote Code Execution (RCE) · Issue #512 · kalcaddle/KodExplorer
A vulnerability, which was classified as problematic, has been found in kalcaddle KodExplorer up to 4.49. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.50 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227000.
KodExplorer 4.49 - Cross-site Request Forgery (CSRF) to Remote Code Execution (RCE)
Summary
KodExplorer version 4.49 or earlier contains a vulnerability that has been rated critical. The vulnerability allows a malicious user to trick the target into clicking a malicious link, which results in a malicious file being uploaded to the target's server. The attack is based on Cross-site Request Forgery and requires interaction from the target to be executed successfully.
Affected Product
KodExplorer v4.49 and earlier
Severity Level
9.0 (Critical)
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Steps to Reproduce
Please provide some email address so that the proof of concept can be sent.
Mitigation
Considering that it is a CSRF-based flaw, it is recommended to add protection against this class of attack, such as an anti-CSRF token that is bound to the user's session and verified on every state-changing request (file uploads included).
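As an added illustration of the recommended mitigation (this is example code, not KodExplorer's own code, and KodExplorer is a PHP project; the session store, request shape and handler names here are hypothetical), the following shows the synchronizer token pattern: a random per-session token is embedded in the upload form and the upload handler rejects any request that does not carry it. A forged cross-site request can make the browser attach the session cookie, but it cannot read the token out of the victim's page, so the check fails.

```python
import hmac
import secrets

# Hypothetical in-memory session store: session_id -> session data.
# Constructed for this example; a real application would use its own session backend.
SESSIONS = {}


def create_session():
    """Create a session and generate its anti-CSRF token at the same time."""
    session_id = secrets.token_urlsafe(32)
    SESSIONS[session_id] = {"csrf_token": secrets.token_urlsafe(32)}
    return session_id


def csrf_token_for(session_id):
    """Token to embed as a hidden field in forms rendered for this session.
    It is never sent in a cookie, so a cross-site page cannot obtain it."""
    return SESSIONS[session_id]["csrf_token"]


def handle_upload(request):
    """Upload handler with CSRF protection.

    `request` is a constructed dict with keys:
      method  - HTTP method
      cookies - dict of cookies the browser attached (sent automatically, even cross-site)
      form    - dict of submitted form fields (only a same-origin page knows csrf_token)
    Returns (status_code, message).
    """
    session = SESSIONS.get(request.get("cookies", {}).get("session"))
    if session is None:
        return (401, "no valid session")

    # State-changing operations must not be reachable via GET (simple links / image tags).
    if request.get("method") != "POST":
        return (405, "uploads must use POST")

    # Compare in constant time so the token cannot be guessed byte by byte.
    submitted = request.get("form", {}).get("csrf_token", "")
    if not hmac.compare_digest(submitted, session["csrf_token"]):
        return (403, "CSRF token missing or invalid")

    filename = request["form"].get("filename", "")
    # Actual storage of the file is out of scope here.
    return (200, f"stored {filename}")


if __name__ == "__main__":
    sid = create_session()
    token = csrf_token_for(sid)
    # Legitimate same-origin form submission: cookie + matching token.
    print(handle_upload({"method": "POST", "cookies": {"session": sid},
                         "form": {"csrf_token": token, "filename": "notes.txt"}}))
    # Cross-site forged request: browser attaches the cookie, but no token is known.
    print(handle_upload({"method": "POST", "cookies": {"session": sid},
                         "form": {"filename": "notes.txt"}}))
```

The token check is the essential control; rejecting non-POST methods is a complementary layer that stops the simplest link-based forgeries, and setting the session cookie with `SameSite=Lax` or `Strict` adds a third layer in modern browsers.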
Related news
KODExplorer versions 4.49 and below suffer from cross site request forgery and remote shell upload vulnerabilities.