ID:3764 - Exploit for Path traversal in Kodi - CVE-2017-5982
Published: August 9, 2020
Vulnerability identifier: #VU39617
Vulnerability risk: Medium
CVE-ID: CVE-2017-5982
CWE-ID: CWE-22
Exploitation vector: Remote access
Vulnerable software:
Kodi
Kodi
Link to public exploit:
Vulnerability description
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences in the Chorus2 2.4.2 add-on for Kodi. A remote authenticated attacker can send a specially crafted HTTP request and remote attackers to read arbitrary files via a %2E%2E%252e (encoded dot dot slash) in the image path, as demonstrated by image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.