Kodcloud KodExplorer Path Traversal Vulnerability in Public Share Handler

Vulnerability

A path traversal vulnerability has been identified in kodcloud KodExplorer versions prior to 4.52. The issue resides in the Public Share Handler component, specifically within the 'share.class.php' file, in the 'initShareOld' function. This vulnerability allows remote attackers to manipulate the 'path' argument, escape the shared directory, and access files in the parent directory. Exploitation of this flaw could lead to unauthorized access of private data not intended to be shared.

Impact

Exploitation of this vulnerability allows for unauthorized access to non-shared private data, bypassing the intended share scope. The vulnerability could also be exploited to list directories, search for content, exfiltrate data via ZIP files, and directly access the contents of .oexe files.

Reproduction

To reproduce this vulnerability, access a public share link of a kodcloud KodExplorer user. The 'path' parameter can be manipulated to include directory traversal sequences, such as '..', to escape the shared directory and access files in the parent directory. This can be done through multiple endpoints that are affected by the vulnerability.
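One way to enforce the share boundary that the 'path' argument escapes, shown as an added example; it is not KodExplorer's code or its actual fix. The function name resolveInShare, the demo directory layout and the sample paths are hypothetical.

```php
<?php
// Added example: hypothetical helper, not KodExplorer code.
// Resolves a client-supplied 'path' against the share root and returns null
// for anything that would land outside the shared directory.
function resolveInShare(string $shareRoot, string $userPath): ?string
{
    $root = realpath($shareRoot);
    if ($root === false || strpos($userPath, "\0") !== false) {
        return null;
    }
    // Lexical pass: treat both separators alike, refuse any climb above the root.
    $parts = [];
    foreach (explode('/', str_replace('\\', '/', $userPath)) as $seg) {
        if ($seg === '' || $seg === '.') {
            continue;
        }
        if ($seg === '..') {
            if (count($parts) === 0) {
                return null; // '..' would leave the share root
            }
            array_pop($parts);
            continue;
        }
        $parts[] = $seg;
    }
    // Filesystem pass: resolve symlinks; a read handler only serves existing paths.
    $real = realpath($root . DIRECTORY_SEPARATOR . implode(DIRECTORY_SEPARATOR, $parts));
    if ($real === false) {
        return null;
    }
    // Compare with a trailing separator so "/data/share-private" cannot pass
    // as being inside "/data/share".
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    $inside = $real === $root || strncmp($real, $prefix, strlen($prefix)) === 0;
    return $inside ? $real : null;
}

// Constructed demo tree: <tmp>/share is the shared folder, <tmp>/private.txt is not shared.
$base = sys_get_temp_dir() . '/share_demo_' . bin2hex(random_bytes(4));
mkdir("$base/share/docs", 0700, true);
file_put_contents("$base/share/docs/readme.txt", 'public');
file_put_contents("$base/private.txt", 'secret');

$samples = ['docs/readme.txt', '../private.txt', 'docs/../../private.txt', 'docs\\..\\..\\private.txt'];
foreach ($samples as $p) {
    $r = resolveInShare("$base/share", $p);
    echo str_pad($p, 28), $r === null ? 'REJECTED' : 'allowed', PHP_EOL;
}
```

Every file operation reachable from a share link (listing, search, ZIP export, file read) needs to go through the same check, since the advisory states that multiple endpoints are affected.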

Added: Apr 19, 2026, 10:18 AM
Updated: Apr 19, 2026, 10:18 AM

Vulnerability Rating

Custom Algorithm

spread: 3.1
impact: 3.1
exploitability: 9.5
remediation: 0.0
relevance: 6.2
threat: 6.4
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.