CVE-2017-5982

HIGH NUCLEI

Kodi Chorus2 2.4.2 - Path Traversal via Encoded Dot-Dot-Slash in Image Path

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2017-5982. PoCs published by Eric Flokstra, Eric Flokstra, jvoisin, including Metasploit module auxiliary/scanner/http/kodi_traversal. A Nuclei detection template is also available.

AI-analyzed exploit summary The document describes a local file inclusion vulnerability in Kodi's Chorus web interface, allowing attackers to retrieve arbitrary files via crafted URL requests. It includes technical details and examples of exploiting the vulnerability to access sensitive files like passwords.xml and /etc/passwd.

Description

Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files via a %2E%2E%252e (encoded dot dot slash) in the image path, as demonstrated by image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd.

Exploits (2)

exploitdb WRITEUP VERIFIED

by Eric Flokstra · textwebappslinux

https://www.exploit-db.com/exploits/41312

View Code ZIP pw:eip

The document describes a local file inclusion vulnerability in Kodi's Chorus web interface, allowing attackers to retrieve arbitrary files via crafted URL requests. It includes technical details and examples of exploiting the vulnerability to access sensitive files like passwords.xml and /etc/passwd.

Classification

Writeup 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Kodi version 17.1 (Krypton), Chorus version 2.4.2

No auth needed

Prerequisites: Access to the Kodi web interface · Network access to the target system

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1083 - File and Directory Discovery

devstral-2 · analyzed Feb 18, 2026 Full analysis →

metasploit WORKING POC

by Eric Flokstra, jvoisin · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/kodi_traversal.rb

View Code ZIP pw:eip

This Metasploit module exploits a directory traversal vulnerability in Kodi before 17.1, allowing an attacker to read arbitrary files on the target system. It constructs a malicious URI to bypass path restrictions and retrieve the contents of specified files.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Kodi before 17.1

No auth needed

Prerequisites: Network access to the Kodi web interface

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Kodi 17.1 - Local File Inclusion

HIGHby 0x_Akoko

References (5)

Core 5

Core References

Exploit, Third Party Advisory, VDB Entry

http://packetstormsecurity.com/files/141043/Kodi-17.1-Arbitrary-File-Disclosure.html

Exploit, Third Party Advisory, VDB Entry exploit

https://www.exploit-db.com/exploits/41312/

Exploit, Third Party Advisory, VDB Entry mailing-list

http://seclists.org/fulldisclosure/2017/Feb/27

Third Party Advisory, VDB Entry vdb-entry

http://www.securityfocus.com/bid/96481

Mailing List mailing-list

https://lists.debian.org/debian-lts-announce/2024/01/msg00009.html

Scores

CVSS v3 7.5

EPSS 0.7748

EPSS Percentile 99.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-22

Status published

Products (1)

kodi/kodi 17.1

Published Feb 28, 2017

Tracked Since Feb 18, 2026