CVE-2017-5982 Scanner
Detects 'Directory Traversal' vulnerability in Chorus2 add-on for Kodi affects v. 2.4.2.
Short Info
Level
High
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 second
Time Interval
1 month
Scan only one
Url
Toolbox
-
Chorus2 is a popular add-on for Kodi, a free and open-source media player software used for streaming digital content such as films, TV shows, and music. The Chorus2 add-on is specifically used for managing and organizing media files, allowing users to browse their collections in a user-friendly interface. It also provides features like metadata editing and artwork management, making it a handy tool for media enthusiasts.
However, the Chorus2 add-on was found to have a critical vulnerability, known as CVE-2017-5982. This vulnerability allows remote attackers to gain unauthorized access to a user's system by exploiting a directory traversal flaw in the software's image path. By encoding a "dot dot slash" sequence (%2E%2E%252e) into the image path, attackers can break out of the intended directory and access arbitrary files on the system, including sensitive files like /etc/passwd (which contains user account information).
Exploiting this vulnerability can lead to a myriad of consequences, ranging from identity theft to system compromise. Attackers can use the information they access to conduct further attacks and gain even more sensitive data. It's a serious threat to user privacy and security, and needs to be addressed immediately.
At s4e.io, we take cybersecurity seriously. Our platform provides pro features that allow users to easily and quickly learn about vulnerabilities in their digital assets. By subscribing to our services, users can access real-time vulnerability alerts and get insights into how to best protect their systems against threats like CVE-2017-5982. Don't wait until it's too late, protect yourself today.
REFERENCES