CVE-2017-5982

HIGH NUCLEI

Kodi - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files via a %2E%2E%252e (encoded dot dot slash) in the image path, as demonstrated by image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd.

Exploits (2)

exploitdb WRITEUP VERIFIED

by Eric Flokstra · textwebappslinux

https://www.exploit-db.com/exploits/41312

View Code ZIP pw:eip

metasploit WORKING POC

by Eric Flokstra, jvoisin · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/kodi_traversal.rb

View Code ZIP pw:eip

Nuclei Templates (1)

Kodi 17.1 - Local File Inclusion

HIGHby 0x_Akoko

References (5)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/141043/Kodi-17.1-Arbitrary-File-Disclosure.html

[Exploit, Third Party Advisory, VDB Entry] http://seclists.org/fulldisclosure/2017/Feb/27

[Mailing List] https://lists.debian.org/debian-lts-announce/2024/01/msg00009.html

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/41312/

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/96481

Scores

CVSS v3 7.5

EPSS 0.8642

EPSS Percentile 99.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-22

Status published

Products (1)

kodi/kodi 17.1

Published Feb 28, 2017

Tracked Since Feb 18, 2026