Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-5982 — Path Traversal in Kodi

CWE-22 — Path Traversal6 documents6 sources

Severity

7.5HIGHNVD

EPSS

86.4%

top 0.59%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Kodi Debian Kodi

Timeline

PublishedFeb 28

Latest updateMay 17

Description

Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files via a %2E%2E%252e (encoded dot dot slash) in the image path, as demonstrated by image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/kodi< kodi 2:18.6+dfsg1-1 (bookworm)

▶Debiankodi/kodi< 2:18.6+dfsg1-1+2

▶NVDkodi/kodi17.1

🔴Vulnerability Details

GHSA

GHSA-4x55-4hhv-gr9v: Directory traversal vulnerability in the Chorus2 2↗2022-05-17

▶

OSV

CVE-2017-5982: Directory traversal vulnerability in the Chorus2 2↗2017-02-28

▶

💥Exploits & PoCs

Nuclei

Kodi 17.1 - Local File Inclusion

▶

Metasploit

Kodi 17.0 Local File Inclusion Vulnerability↗

▶

📋Vendor Advisories

Debian

CVE-2017-5982: kodi - Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows re...↗2017

▶