Server-Side Request Forgery (SSRF) in kalcaddle/kodexplorer

Reported on Jun 20th 2021

✍️ Description

SSRF via SVG due to improper processing of SVG files.

🕵️‍♂️ Proof of Concept


Download and upload it on the server and run the server on port 8000 and then view the file.
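The bug class above is a server-side renderer fetching whatever an uploaded SVG references. As an added example (not from the report or the kodexplorer project), a conservative upload check that flags every construct in an SVG that would make a parser or renderer reach out to a URL; the sample SVGs and the host name `internal.example` are constructed for the demonstration:

```python
import re
import xml.etree.ElementTree as ET

# DTD entities and xml-stylesheet PIs can point the XML parser at a remote URL before
# a single SVG element is looked at, so the raw text is checked first. Any DTD is
# rejected outright; a thumbnail generator has no business honouring one.
DANGEROUS_PROLOG = re.compile(r"<!DOCTYPE|<!ENTITY|<\?xml-stylesheet", re.IGNORECASE)
# CSS url() in an attribute or <style> block, except local fragment references url(#id).
URL_FUNC = re.compile(r"url\s*\(\s*['\"]?\s*(?!#)", re.IGNORECASE)


def svg_external_references(svg_text: str) -> list[str]:
    """Return the reasons this SVG would trigger a fetch when rendered; an empty list means clean."""
    findings = [f"prolog: {m.group(0)}" for m in DANGEROUS_PROLOG.finditer(svg_text)]
    try:
        root = ET.fromstring(svg_text)
    except ET.ParseError as exc:
        # Unparseable input is rejected rather than guessed at.
        return findings + [f"unparseable XML: {exc}"]
    for el in root.iter():
        local = el.tag.rsplit("}", 1)[-1]  # drop the namespace prefix
        for name, value in el.attrib.items():
            attr = name.rsplit("}", 1)[-1]  # href and xlink:href look the same here
            if attr == "href" and not value.strip().startswith("#"):
                # <image>, <use>, <feImage>, <script>, <a> ... all fetch a non-fragment href
                findings.append(f"<{local} {attr}={value!r}>")
            elif URL_FUNC.search(value):
                findings.append(f"<{local} {attr}> contains url()")
        if local == "style" and el.text and URL_FUNC.search(el.text):
            findings.append("<style> contains url()")
    return findings


def is_safe_svg_upload(svg_text: str) -> bool:
    """Gate for an upload handler: accept only SVGs with no external references."""
    return not svg_external_references(svg_text)


# Constructed samples: a self-contained drawing and one that embeds a remote image.
CLEAN_SVG = ('<svg xmlns="http://www.w3.org/2000/svg"><rect width="10" height="10" '
             'fill="url(#g)"/><use href="#shape"/></svg>')
FETCHING_SVG = ('<svg xmlns="http://www.w3.org/2000/svg" '
                'xmlns:xlink="http://www.w3.org/1999/xlink">'
                '<image xlink:href="http://internal.example:8000/x.png" width="1" height="1"/>'
                '</svg>')
```

Rejecting the upload when the list is non-empty complements the vendor's remedy of disabling the file type, and the list itself is worth logging, since a non-empty result on an upload is a useful detection signal.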

💥 Impact

This vulnerability is capable of SSRF.

We have contacted a member of the kalcaddle/kodexplorer team and are waiting to hear back (a month ago)

25 days ago:

Thanks, we will fix it soon. Administrators can set disabled file types.

warlee validated this vulnerability 25 days ago
x3rz has been awarded the disclosure bounty
The fix bounty is now up for grabs
warlee confirmed that a fix has been merged on 6d2521 25 days ago
warlee has been awarded the fix bounty