S4E

CVE-2017-5982 Scanner

Detects 'Directory Traversal' vulnerability in Chorus2 add-on for Kodi affects v. 2.4.2.

SCAN NOW

Short Info


Level

High

Single Scan

Single Scan

Can be used by

Asset Owner

Estimated Time

10 second

Time Interval

1 month

Scan only one

Url

Toolbox

-

Chorus2 is a popular add-on for Kodi, a free and open-source media player software used for streaming digital content such as films, TV shows, and music. The Chorus2 add-on is specifically used for managing and organizing media files, allowing users to browse their collections in a user-friendly interface. It also provides features like metadata editing and artwork management, making it a handy tool for media enthusiasts.

However, the Chorus2 add-on was found to have a critical vulnerability, known as CVE-2017-5982. This vulnerability allows remote attackers to gain unauthorized access to a user's system by exploiting a directory traversal flaw in the software's image path. By encoding a "dot dot slash" sequence (%2E%2E%252e) into the image path, attackers can break out of the intended directory and access arbitrary files on the system, including sensitive files like /etc/passwd (which contains user account information).

Exploiting this vulnerability can lead to a myriad of consequences, ranging from identity theft to system compromise. Attackers can use the information they access to conduct further attacks and gain even more sensitive data. It's a serious threat to user privacy and security, and needs to be addressed immediately.

At s4e.io, we take cybersecurity seriously. Our platform provides pro features that allow users to easily and quickly learn about vulnerabilities in their digital assets. By subscribing to our services, users can access real-time vulnerability alerts and get insights into how to best protect their systems against threats like CVE-2017-5982. Don't wait until it's too late, protect yourself today.

 

REFERENCES

Get started to protecting your Free Full Security Scan