Description
Vulnerability in web application Kind Editor v4.1.12, kindeditor/php/upload_json.php does not check authentication before allow users to upload files.
References (3)
Core 3
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/kindsoft/kindeditor
Exploit, Third Party Advisory x_refsource_misc
http://www.vapidlabs.com/advisory.php?v=195
Product x_refsource_misc
http://kindeditor.org
Scores
CVSS v3
4.3
EPSS
0.0135
EPSS Percentile
67.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Details
CWE
CWE-287
Status
published
Products (22)
Kind Editor Inc./Kind Editor
unspecified - 4.1.12
kindsoft/kind_editor
4.0
kindsoft/kind_editor
4.0.1
kindsoft/kind_editor
4.0.2
kindsoft/kind_editor
4.0.3
kindsoft/kind_editor
4.0.4
kindsoft/kind_editor
4.0.5
kindsoft/kind_editor
4.0.6
kindsoft/kind_editor
4.1
kindsoft/kind_editor
4.1.1
... and 12 more
Published
Sep 14, 2017
Tracked Since
Feb 18, 2026