10 matches found
CVE-2023-49489
Affected software: KodExplorer 4.51. Vulnerability: Reflective Cross-Site Scripting (XSS) via the APP_HOST parameter in config/i18n/en/main.php. Attackers can obtain sensitive information and escalate privileges according to the Nuclei/Nuclei templates entry; no exploitation details beyond that a...
CVE-2023-6852
CVE-2023-6852 affects kalcaddle KodExplorer up to 4.51.03, via an issue in the file plugins/webodf/app.php that enables server-side request forgery (SSRF) . The vulnerability allows remote exploitation; the exploit has been disclosed publicly. A patch is available: upgrade to 4.52.01 . The provid...
CVE-2023-6853
CVE-2023-6853 affects kalcaddle KodExplorer up to version 4.51.03. The vulnerability lies in the function index of the file plugins/officeLive/app.php, where manipulation of the path argument enables server-side request forgery (SSRF). The flaw can be exploited remotely and the exploit has been d...
CVE-2021-36646
CVE-2021-36646 – KodExplorer 4.45 : Several connected sources confirm a cross-site scripting (XSS) issue. The nuclei template specifies a reflected XSS in the file view functionality, specifically in app/template/api/view.html where the path parameter is echoed unsafely, enabling attacker-supplie...
CVE-2022-46154
CVE-2022-46154 affects KodExplorer (prior to v4.50). The issue lets unauthenticated users request arbitrary files from the host OS file system due to inadequate access control/path traversal. Impact: access to any files available to the host process. The vulnerability is addressed in version 4.50...
CVE-2022-4944
KodExplorer (kalcaddle) up to version 4.49 contains a cross-site request forgery (CSRF) vulnerability. The issue affects an unknown part of the software and can be triggered remotely; exploits have been publicly disclosed. Upgrading to version 4.50 addresses the issue. Multiple connected sources ...
CVE-2023-6850
CVE-2023-6850 affects kalcaddle KodExplorer up to version 4.51.03. The vulnerability resides in the API Endpoint Handler (file: /index.php?pluginApp/to/yzOffice/getFile) where manipulation of the path/file argument enables unrestricted upload. Exploitation can be performed remotely, and the vulne...
CVE-2023-6851
The CVE-2023-6851 vulnerability affects kalcaddle KodExplorer up to version 4.51.03, specifically the ZIP Archive Handler's function unzipList in plugins/zipView/app.php. The issue enables code injection, with remote exploitation and publicly disclosed exploit details. Mitigation: upgrade to vers...
CVE-2023-37153
CVE-2023-37153 : KodExplorer 4.51 contains a Cross-Site Scripting (XSS) vulnerability in the Description field of the Light App creation feature. An attacker can inject XSS syntax into the Description, causing script execution when the field is rendered. The available connected documents confirm ...
CVE-2025-34504
CVE-2025-34504 affects KodExplorer 4.52. The vulnerability is an open redirect on the user login page where the attacker-controlled link parameter can redirect authenticated users to arbitrary external sites. Root cause: improper validation of the login URL’s link parameter. Impact: potential cre...