2 matches found
CVE-2023-6849
CVE-2023-6849 affects kalcaddle kodbox up to 1.48, with the vulnerable code in the function cover of plugins/fileThumb/app.php. The issue stems from manipulating the path argument which enables server-side request forgery (SSRF) and can be exploited remotely; exploitation status is not specified ...
CVE-2023-6848
The CVE-2023-6848 issue affects kalcaddle kodbox up to 1.48. The vulnerable component is plugins/officeViewer/controller/libreOffice/index.class.php (check function). Manipulating the soffice argument leads to remote command injection. Exploitation has been disclosed publicly. A fix is available ...