Kodcloud KodExplorer Authorization Bypass Vulnerability in System Member Controller

Vulnerability

An authorization bypass vulnerability has been identified in kodcloud KodExplorer versions through 4.52. The issue resides in the initInstall function of the systemMember.class.php file. By manipulating the 'path' argument, an authenticated user with low privileges can reach actions intended for higher-privilege users, including the system reinitialization process. This can have unintended consequences such as disrupting users' directory mappings and causing data-visibility problems across the application.

Impact

Successful exploitation gives an authenticated low-privilege user access to administrative functionality, which can disrupt user data management and undermine application integrity. No privilege beyond an ordinary user account is required, so any user who can log in is a potential attacker.

Reproduction

To reproduce, an authenticated low-privilege user invokes the initInstall action of systemMember.class.php with a manipulated 'path' value. The request bypasses the authorization check on that action and triggers a global reinitialization. The exact request contents are not given here. When validating a fix, confirm that the action rejects non-administrative sessions before it evaluates 'path' at all, rather than relying on the shape of 'path' to keep ordinary users out.
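The pattern behind this class of bug, as an added illustrative example that is not KodExplorer's code: an action whose only gate is "is someone logged in?", after which a request-controlled 'path' steers execution into a privileged branch, shown next to a hardened form that authorizes on the session role before any request parameter is consulted. All function names, the $session and $request arrays, the 'admin' role value and the branch condition on 'path' are hypothetical stand-ins; the real controller's trigger is not described on this page.

```php
<?php
// Added illustrative example; this is NOT KodExplorer's code. Function names,
// the $session/$request arrays, the role value and the branch condition on
// 'path' are hypothetical stand-ins for whatever the real controller uses.

// Hypothetical privileged operation with a global effect.
function reinitializeUserDirectories(): void
{
    // ... rebuild every user's directory mapping (stub for illustration)
}

// Vulnerable pattern: the only gate is "is someone logged in?", after which an
// attacker-controlled 'path' decides whether the privileged branch runs.
function initInstallVulnerable(array $request, array $session): string
{
    if (empty($session['user'])) {
        return 'login required';
    }
    $path = $request['path'] ?? '';          // attacker-controlled
    if (!is_dir($path)) {                    // hypothetical branch condition
        reinitializeUserDirectories();       // privileged, reachable by any user
        return 'reinitialized';
    }
    return 'ok';
}

// Hardened pattern: authorize the action on the session role first, before any
// request parameter is read; then constrain 'path' independently of the role check.
function initInstallHardened(array $request, array $session, string $baseDir): string
{
    if (empty($session['user'])) {
        return 'login required';
    }
    if (($session['role'] ?? '') !== 'admin') {   // role check precedes any use of 'path'
        error_log("initInstall denied for user {$session['user']}");
        return 'forbidden';
    }
    $path = $request['path'] ?? '';
    $real = realpath($path);
    $root = realpath($baseDir);
    // Reject anything outside the installation root so 'path' cannot steer
    // the privileged operation somewhere unexpected.
    if ($real === false || $root === false
        || strpos($real . DIRECTORY_SEPARATOR, $root . DIRECTORY_SEPARATOR) !== 0) {
        return 'invalid path';
    }
    reinitializeUserDirectories();
    return 'reinitialized';
}
```

The point of the hardened form is ordering: the privilege decision depends only on who the caller is, and the 'path' validation is a separate check that cannot widen access. A fix that merely tightens what 'path' may contain leaves the low-privilege user able to reach the action at all.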

Added: Apr 19, 2026, 12:18 PM
Updated: Apr 19, 2026, 12:18 PM

Vulnerability Rating

Custom Algorithm

spread: 3.1
impact: 1.3
exploitability: 6.0
remediation: 0.0
relevance: 6.2
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.