14 matches found
CVE-2023-6849
CVE-2023-6849 affects kalcaddle kodbox up to 1.48, with the vulnerable code in the function cover of plugins/fileThumb/app.php. The issue stems from manipulating the path argument which enables server-side request forgery (SSRF) and can be exploited remotely; exploitation status is not specified ...
CVE-2023-29790
CVE-2023-29790 affects kodbox versions 1.2.x through 1.3.7, with a reported Sensitive Information Leakage issue. The connected Red Hat, NVD, and third-party records corroborate the affected product range and issue type but do not provide concrete exploit details, affected module/file paths, root ...
CVE-2023-6848
The CVE-2023-6848 issue affects kalcaddle kodbox up to 1.48. The vulnerable component is plugins/officeViewer/controller/libreOffice/index.class.php (check function). Manipulating the soffice argument leads to remote command injection. Exploitation has been disclosed publicly. A fix is available ...
CVE-2023-29791
CVE-2023-29791 affects kodbox versions 1.37 and earlier, with a Cross‑Site Scripting (XSS) flaw exposed via debug information. The vulnerability allows crafted debug output to be reflected in the UI, enabling user‑in‑context script execution. The advisory entries consistently identify the vulnera...
CVE-2023-3607
CVE-2023-3607 affects kodbox 1.26, specifically the Execute function in the WebConsole Plug-In (webconsole.php.txt), enabling os command injection. Exploit disclosed publicly; vendor response unavailable. The issue is described consistently across sources, with a high severity in CVSS terms. Prac...
CVE-2023-39691
CVE-2023-39691 affects kodbox up to version 1.43, where an issue allows an attacker to arbitrarily add Administrator accounts through a crafted GET request. Impact is high: unauthorized admin account creation with potential full control over the system. Root cause and exact vulnerable component a...
CVE-2023-52069
CVE-2023-52069 affects kodbox v1.49.04, which is reported to contain a cross-site scripting (XSS) vulnerability via a URL parameter. The CVSS v3.1 base score is 5.4 (Medium), with attack vector NETWORK, attack complexity LOW, privileges required LOW, user interaction REQUIRED, and a Changed scope...
CVE-2024-51037
The CVE affects kodbox v1.52.04 and earlier. A vulnerability in the captcha used by the password reset function allows a remote attacker to obtain sensitive information (information disclosure). The affected component is the captcha feature in password reset; root cause is not detailed beyond the...
CVE-2023-45998
CVE-2023-45998 affects kodbox 1.44 and describes a Cross Site Scripting (XSS) vulnerability triggered by customizing global HTML, resulting in stored XSS. Affected component/entry point is the global HTML customization path; underlying issue is XSS propagation via stored payloads. Documented impa...
CVE-2023-48028
Summary (CVE-2023-48028) kodbox 1.46.01 exposes a login-page user enumeration flaw. Different response messages allow an attacker to determine valid usernames, potentially enabling brute-force attempts. The entry carries a NVD CVSS 3.1 score of 9.8 (CRITICAL) with network attack vector, low compl...
CVE-2023-52068
Kodbox v1.43 is impacted by a cross-site scripting (XSS) vulnerability exploitable via the operation and login logs. The CVE entry (CVE-2023-52068) associates a CVSS v3.1 base score of 6.1 (MEDIUM) with network attack vector, no privileges required, user interaction required. The root cause is de...
CVE-2026-1066
The CVE-2026-1066 entry describes a command-injection vulnerability in kalcaddle kodbox (up to version 1.61.10) related to the Compression Handler when processing the file /?explorer/index/zip. The issue can be exploited remotely; the exploit is public. Details on vulnerable component, root cause...
CVE-2025-10233
CVE-2025-10233 affects kalcaddle kodbox 1.61, with a path traversal flaw in the functions fileGet and fileSave of app/controller/explorer/editor.class.php caused by manipulating the path argument. This enables remote exploitation and has public disclosures; vendor reportedly did not respond. A PT...
CVE-2025-9414
Kalcaddle Kodbox 1.61 contains a server-side request forgery in the Download from Link Handler, via manipulation of the url parameter in /?explorer/upload/serverDownload. Remote exploitation is possible and the exploit has been published. PT-2025-34698 confirms the issue and notes there is no inf...