CVE-2021-43734 — AI Deep Analysis Summary

🚨 **Essence**: A **Path Traversal** vulnerability in Keking kkFileview. 📉 **Consequences**: Attackers can read **arbitrary files** on the host, leading to **sensitive data leaks**.

🛡️ **Root Cause**: **Local File Inclusion (LFI)** flaw. The application fails to properly sanitize user input, allowing directory traversal sequences to access files outside the intended scope.

👥 **Affected**: **Keking kkFileview** (Spring-Boot based document preview tool). Specifically noted: **v4.0.0** is vulnerable. 🇨🇳 Developed by Keking Technology.

💀 **Attacker Capabilities**: Can **read any file** on the server. This includes **sensitive configuration files**, source code, or credentials. No specific privilege escalation mentioned, but data exposure is critical.

⚠️ **Threshold**: **Low**. The vulnerability is in a web application feature (`getCorsFile`). Likely requires **no authentication** if the service is exposed to the internet. Easy to trigger via HTTP requests.

🔓 **Public Exploit**: **YES**. PoCs are available on GitHub (e.g., ProjectDiscovery Nuclei templates, Threekiii Awesome-POC). Wild exploitation is possible using automated scanners.

🔍 **Self-Check**: Scan for **kkFileview** instances. Check if the `getCorsFile` endpoint is accessible. Use Nuclei templates to test for **LFI** patterns against the target URL.

🩹 **Official Fix**: The issue was reported on GitHub (Issue #304). Users should check for **official patches** or updates from Keking Technology. The CVE was published in Feb 2022.

🚧 **No Patch?**: **Mitigation**: Restrict access to the kkFileview service via **WAF** or **Firewall**. Disable the `getCorsFile` endpoint if not needed. Block directory traversal characters (`../`) at the network level.

🔥 **Urgency**: **HIGH**. Since PoCs are public and it leads to **data leakage**, immediate action is required. Prioritize patching or isolating the service from the public internet.