Lucene search
K
KodcloudKodbox

14 matches found

CVE
CVE
added 2023/12/16 8:0 a.m.83 views

CVE-2023-6849

CVE-2023-6849 affects kalcaddle kodbox up to 1.48, with the vulnerable code in the function cover of plugins/fileThumb/app.php. The issue stems from manipulating the path argument which enables server-side request forgery (SSRF) and can be exploited remotely; exploitation status is not specified ...

9.8CVSS8.6AI score0.00886EPSS
Web
CVE
CVE
added 2023/05/12 12:0 a.m.52 views

CVE-2023-29790

CVE-2023-29790 affects kodbox versions 1.2.x through 1.3.7, with a reported Sensitive Information Leakage issue. The connected Red Hat, NVD, and third-party records corroborate the affected product range and issue type but do not provide concrete exploit details, affected module/file paths, root ...

7.5CVSS7.5AI score0.0056EPSS
CVE
CVE
added 2023/12/16 6:31 a.m.50 views

CVE-2023-6848

The CVE-2023-6848 issue affects kalcaddle kodbox up to 1.48. The vulnerable component is plugins/officeViewer/controller/libreOffice/index.class.php (check function). Manipulating the soffice argument leads to remote command injection. Exploitation has been disclosed publicly. A fix is available ...

9.8CVSS9.1AI score0.02347EPSS
Web
CVE
CVE
added 2023/05/11 12:0 a.m.49 views

CVE-2023-29791

CVE-2023-29791 affects kodbox versions 1.37 and earlier, with a Cross‑Site Scripting (XSS) flaw exposed via debug information. The vulnerability allows crafted debug output to be reflected in the UI, enabling user‑in‑context script execution. The advisory entries consistently identify the vulnera...

6.1CVSS5.9AI score0.00353EPSS
CVE
CVE
added 2023/07/10 9:0 p.m.49 views

CVE-2023-3607

CVE-2023-3607 affects kodbox 1.26, specifically the Execute function in the WebConsole Plug-In (webconsole.php.txt), enabling os command injection. Exploit disclosed publicly; vendor response unavailable. The issue is described consistently across sources, with a high severity in CVSS terms. Prac...

8CVSS7AI score0.05927EPSS
CVE
CVE
added 2024/01/16 12:0 a.m.49 views

CVE-2023-39691

CVE-2023-39691 affects kodbox up to version 1.43, where an issue allows an attacker to arbitrarily add Administrator accounts through a crafted GET request. Impact is high: unauthorized admin account creation with potential full control over the system. Root cause and exact vulnerable component a...

9.8CVSS9.3AI score0.00561EPSS
CVE
CVE
added 2024/01/17 12:0 a.m.48 views

CVE-2023-52069

CVE-2023-52069 affects kodbox v1.49.04, which is reported to contain a cross-site scripting (XSS) vulnerability via a URL parameter. The CVSS v3.1 base score is 5.4 (Medium), with attack vector NETWORK, attack complexity LOW, privileges required LOW, user interaction REQUIRED, and a Changed scope...

5.4CVSS5.3AI score0.00292EPSS
CVE
CVE
added 2024/11/15 12:0 a.m.48 views

CVE-2024-51037

The CVE affects kodbox v1.52.04 and earlier. A vulnerability in the captcha used by the password reset function allows a remote attacker to obtain sensitive information (information disclosure). The affected component is the captcha feature in password reset; root cause is not detailed beyond the...

5.3CVSS6.9AI score0.00269EPSS
CVE
CVE
added 2023/10/23 12:0 a.m.46 views

CVE-2023-45998

CVE-2023-45998 affects kodbox 1.44 and describes a Cross Site Scripting (XSS) vulnerability triggered by customizing global HTML, resulting in stored XSS. Affected component/entry point is the global HTML customization path; underlying issue is XSS propagation via stored payloads. Documented impa...

5.4CVSS5.3AI score0.00316EPSS
CVE
CVE
added 2023/11/17 12:0 a.m.46 views

CVE-2023-48028

Summary (CVE-2023-48028) kodbox 1.46.01 exposes a login-page user enumeration flaw. Different response messages allow an attacker to determine valid usernames, potentially enabling brute-force attempts. The entry carries a NVD CVSS 3.1 score of 9.8 (CRITICAL) with network attack vector, low compl...

9.8CVSS9.3AI score0.0111EPSS
CVE
CVE
added 2024/01/16 12:0 a.m.40 views

CVE-2023-52068

Kodbox v1.43 is impacted by a cross-site scripting (XSS) vulnerability exploitable via the operation and login logs. The CVE entry (CVE-2023-52068) associates a CVSS v3.1 base score of 6.1 (MEDIUM) with network attack vector, no privileges required, user interaction required. The root cause is de...

6.1CVSS6AI score0.00308EPSS
CVE
CVE
added 2026/01/17 9:2 p.m.23 views

CVE-2026-1066

The CVE-2026-1066 entry describes a command-injection vulnerability in kalcaddle kodbox (up to version 1.61.10) related to the Compression Handler when processing the file /?explorer/index/zip. The issue can be exploited remotely; the exploit is public. Details on vulnerable component, root cause...

8.8CVSS6.5AI score0.0504EPSS
CVE
CVE
added 2025/09/10 11:2 p.m.21 views

CVE-2025-10233

CVE-2025-10233 affects kalcaddle kodbox 1.61, with a path traversal flaw in the functions fileGet and fileSave of app/controller/explorer/editor.class.php caused by manipulating the path argument. This enables remote exploitation and has public disclosures; vendor reportedly did not respond. A PT...

6.5CVSS6.3AI score0.00409EPSS
CVE
CVE
added 2025/08/25 6:32 p.m.18 views

CVE-2025-9414

Kalcaddle Kodbox 1.61 contains a server-side request forgery in the Download from Link Handler, via manipulation of the url parameter in /?explorer/upload/serverDownload. Remote exploitation is possible and the exploit has been published. PT-2025-34698 confirms the issue and notes there is no inf...

5.8CVSS5AI score0.00277EPSS
Web