Hello,
KindEditor <= 4.1.11 has a path traversal vulnerability, specifically in kindeditor/php/upload_json.php. Anyone can browse the files or directories in the “kindeditor/attached/” folder via the “path” parameter without authentication.
Through this method, an unauthorized user can quickly view all uploaded files and exposed sensitive information on the target host.
Example:
http://example.com/kindeditor/php/upload_json.php?path=/

http://example.com/kindeditor/php/upload_json.php?path=/image/

http://example.com/kindeditor/php/upload_json.php?path=/image/20181009
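
A detection sketch for the request pattern reported above, added here as an example and not part of the original issue or the KindEditor code base: it scans web server access logs for requests that pass a `path` parameter to upload_json.php and groups them by client. The combined log format, the function name `find_listing_requests` and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoint named in the report; case-insensitive, tolerant of an install prefix.
ENDPOINT = re.compile(r"/kindeditor/php/upload_json\.php$", re.IGNORECASE)
# Common/combined log format (assumed): client IP, method, request target, status.
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

def find_listing_requests(lines):
    """Return {client_ip: [(path_value, status), ...]} for requests that
    pass a `path` query parameter to upload_json.php."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not in the expected log format
        ip, _method, target, status = m.groups()
        url = urlsplit(target)
        # Decode the URL path so percent-encoded spellings of the endpoint match.
        if not ENDPOINT.search(unquote(url.path)):
            continue
        # parse_qs percent-decodes values; keep blank ones such as "path=".
        params = parse_qs(url.query, keep_blank_values=True)
        for value in params.get("path", []):
            hits[ip].append((value, int(status)))
    return dict(hits)

# Constructed sample log lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [09/Oct/2018:10:00:01 +0000] "GET /kindeditor/php/upload_json.php?path=/ HTTP/1.1" 200 512',
    '198.51.100.7 - - [09/Oct/2018:10:00:03 +0000] "GET /kindeditor/php/upload_json.php?path=%2Fimage%2F HTTP/1.1" 200 734',
    '198.51.100.7 - - [09/Oct/2018:10:00:05 +0000] "GET /KindEditor/php/upload_json.php?path=/image/20181009 HTTP/1.1" 200 980',
    '203.0.113.20 - - [09/Oct/2018:10:01:00 +0000] "POST /kindeditor/php/upload_json.php HTTP/1.1" 200 88',
    '203.0.113.20 - - [09/Oct/2018:10:01:09 +0000] "GET /index.php?path=/ HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for ip, reqs in find_listing_requests(SAMPLE_LOG).items():
        print(ip, reqs)
```

A 200 status on these requests from a client that never uploaded anything is the signal worth triaging first.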
