Unrestricted Upload of File with Dangerous Type in kalcaddle/kodexplorer


Reported on

Jun 20th 2021

✍️ Description

During file upload, there is no check if the file is already present or not which causes file to overwrite existing file.

🕵️‍♂️ Proof of Concept

Steps to reproduce:
1. Create 2 files of the same name and of different content.
2. Upload the first file and then the second file, you will see that the content of the file has been changed

💥 Impact

This vulnerability is capable of file overwrite.


We have contacted a member of the kalcaddle/kodexplorer team and are waiting to hear back 2 years ago
2 years ago


This is allowed. If the same name appears when uploading, it will be overwritten by default Personal center can set the processing method of the same name: rename / skip / overlay

warlee validated this vulnerability 2 years ago
x3rz has been awarded the disclosure bounty
The fix bounty is now up for grabs
warlee marked this as fixed with commit 6d2521 2 years ago
warlee has been awarded the fix bounty
This vulnerability will not receive a CVE
to join this conversation