Path Traversal in kalcaddle/KodExplorer

Reported on May 20th 2021

✍️ Description

I have confirmed a file traversal vulnerability on any server running KodExplorer. A malicious user can read any file.

🕵️‍♂️ Proof of Concept

First, set up a local installation of KodExplorer.

If the server is running with root permission:


Otherwise, the malicious user can access other config files.