{"id":"CVE-2017-1002024","details":"Vulnerability in web application Kind Editor v4.1.12, kindeditor/php/upload_json.php does not check authentication before allow users to upload files.","modified":"2026-04-10T03:56:09.980197Z","published":"2017-09-14T13:29:01.153Z","references":[{"type":"WEB","url":"http://kindeditor.org"},{"type":"FIX","url":"https://github.com/kindsoft/kindeditor"},{"type":"EVIDENCE","url":"http://www.vapidlabs.com/advisory.php?v=195"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/kindsoft/kindeditor","events":[{"introduced":"0"},{"last_affected":"b73063957cddc6bcf186e3fcd5a0c6ec4cdbb2d0"},{"introduced":"0"},{"last_affected":"b414cb9d047a64977f3be01afba8f7d6acf0047d"},{"introduced":"0"},{"last_affected":"424d8c348cf67be6787643288d16eff8ed673faa"},{"introduced":"0"},{"last_affected":"cfe92d481e560df6cbf0beb85fdc9da4b12b0f50"},{"introduced":"0"},{"last_affected":"88b3a64a4a42737b4683bb4d47dfce46ad19c7a0"},{"introduced":"0"},{"last_affected":"7af075748aa117c0718317c5bc11a1106a5a7b9a"},{"introduced":"0"},{"last_affected":"d51391bf692419489cc7ef222c5e350dd1d589bf"},{"introduced":"0"},{"last_affected":"4d7e658be7f67dc657eb80cf91d642a7264bb1d5"},{"introduced":"0"},{"last_affected":"2181d5b925a4accf121929d1a7e5b26a4acf7392"},{"introduced":"0"},{"last_affected":"5fae5df9d0c552f218c3ab22054ac281e8bb5a87"},{"introduced":"0"},{"last_affected":"6e2d34e740e76c597cc56f99706d5dc706ed6e6a"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"4.1"},{"introduced":"0"},{"last_affected":"4.1.1"},{"introduced":"0"},{"last_affected":"4.1.2"},{"introduced":"0"},{"last_affected":"4.1.3"},{"introduced":"0"},{"last_affected":"4.1.4"},{"introduced":"0"},{"last_affected":"4.1.5"},{"introduced":"0"},{"last_affected":"4.1.6"},{"introduced":"0"},{"last_affected":"4.1.9"},{"introduced":"0"},{"last_affected":"4.1.10"},{"introduced":"0"},{"last_affected":"4.1.11"},{"introduced":"0"},{"last_affected":"4.1.12"}]}}],"versions":["v4.1","v4.1.1","v4.1.10","v4.1.11","v4.1.12","v4.1.2","v4.1.3","v4.1.4","v4.1.5","v4.1.6","v4.1.9"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"3.5.6"}]},{"events":[{"introduced":"0"},{"last_affected":"4.0"}]},{"events":[{"introduced":"0"},{"last_affected":"4.0.1"}]},{"events":[{"introduced":"0"},{"last_affected":"4.0.2"}]},{"events":[{"introduced":"0"},{"last_affected":"4.0.3"}]},{"events":[{"introduced":"0"},{"last_affected":"4.0.4"}]},{"events":[{"introduced":"0"},{"last_affected":"4.0.5"}]},{"events":[{"introduced":"0"},{"last_affected":"4.0.6"}]},{"events":[{"introduced":"0"},{"last_affected":"4.1.7"}]},{"events":[{"introduced":"0"},{"last_affected":"4.1.8"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1002024.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}]}