Description
KindEditor through 4.1.11 has a path traversal vulnerability in php/upload_json.php. Anyone can browse a file or directory in the kindeditor/attached/ folder via the path parameter without authentication.
Remediation
References
https://github.com/kindsoft/kindeditor/issues/289