Kalcaddle Kodbox Command Injection Vulnerability in FileThumb Plugin
Vulnerability
A command injection vulnerability has been identified in Kalcaddle Kodbox version 1.64, specifically within the FileThumb plugin. The issue arises in the 'checkBin' function of 'app.php', where the application passes a configured binary path to 'shell_exec' without proper sanitization. An authenticated administrator can therefore store configuration values containing shell metacharacters, and those values are interpreted by the shell when 'checkBin' runs, executing arbitrary commands on the server with the web server's privileges.
Impact
Exploitation of this vulnerability allows for post-authentication remote command execution on the affected server.
Reproduction
To reproduce this vulnerability, an authenticated administrator must access the plugin configuration settings and introduce shell metacharacters into the 'ffmpegBin' or 'imagickBin' values. Once these values are set, the 'checkBin' function can be triggered to execute the injected commands on the server.
Remediation
It is recommended to remove unsafe concatenation of shell commands, implement strict whitelisting of allowed binaries and paths, use non-shell process execution methods with validated arguments, and review and tighten configuration permissions.
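The following PHP snippet is an added illustration of the remediation above, written for this page; it is not Kodbox's own code and makes no claim about how the project implements 'checkBin'. The allowlist contents, the function names 'validateBinPath' and 'checkBinSafe', and the '-version' probe argument are assumptions chosen for the example. It contrasts the unsafe pattern the advisory describes (string concatenation into 'shell_exec') with a path allowlist plus a shell-free 'proc_open' call that passes arguments as an array.

```php
<?php
// Added example, not Kodbox code. Demonstrates replacing
//   shell_exec($configuredBin . ' -version')   // unsafe: $configuredBin is parsed by /bin/sh
// with strict validation and shell-free process execution.

// Assumed allowlist of binary basenames a thumbnail plugin legitimately needs.
const ALLOWED_BINS = ['ffmpeg', 'convert', 'magick'];

/**
 * Return the canonical absolute path of a configured binary, or null if it
 * is not an allowlisted, executable file. The character-set check rejects
 * every shell metacharacter (; | & $ ` ( ) < > space, quotes, newlines).
 */
function validateBinPath(string $configured): ?string
{
    // Absolute path built only from a conservative character set.
    if (!preg_match('#^/[A-Za-z0-9._/-]+$#', $configured)) {
        return null;
    }
    $real = realpath($configured);
    if ($real === false || !is_file($real) || !is_executable($real)) {
        return null;
    }
    if (!in_array(basename($real), ALLOWED_BINS, true)) {
        return null;
    }
    return $real;
}

/**
 * Probe the binary without a shell. proc_open() accepts an argument array
 * (PHP 7.4+); each element reaches execve() as one argv entry, so the
 * configured value is never tokenised or expanded by /bin/sh.
 */
function checkBinSafe(string $configured): bool
{
    $bin = validateBinPath($configured);
    if ($bin === null) {
        return false;
    }
    $descriptors = [1 => ['pipe', 'w'], 2 => ['pipe', 'w']];
    $proc = proc_open([$bin, '-version'], $descriptors, $pipes);
    if (!is_resource($proc)) {
        return false;
    }
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    $status = proc_close($proc);
    return $status === 0 && $out !== '';
}

// Constructed inputs: a legitimate path and a metacharacter-laden value.
var_dump(checkBinSafe('/usr/bin/ffmpeg'));       // true only if ffmpeg is installed there
var_dump(checkBinSafe('/usr/bin/ffmpeg; id'));   // false: rejected by validateBinPath
```

The two layers are deliberately independent: even if the allowlist were misconfigured, the array form of 'proc_open' means no shell ever sees the configured string, and even if a shell were used somewhere else, 'validateBinPath' has already refused anything outside a plain absolute path. Restricting who may edit these plugin settings, as the advisory recommends, is a separate control on top of both.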