Description
KindEditor through 4.1.11 has a path traversal vulnerability in php/upload_json.php. Anyone can browse a file or directory in the kindeditor/attached/ folder via the path parameter without authentication.
Remediation
References
https://github.com/kindsoft/kindeditor/issues/289
Related Vulnerabilities
CVE-2022-46907 Vulnerability in maven package org.apache.jspwiki:jspwiki-war
CVE-2018-9207 Vulnerability in maven package org.webjars.bowergithub.blueimp:jquery-file-upload
CVE-2019-10768 Vulnerability in maven package org.webjars.bowergithub.angular:angular
CVE-2023-34212 Vulnerability in maven package org.apache.nifi:nifi-jms-processors