Lucene search
K

5 matches found

CVE
CVE
added 2023/12/16 11:31 a.m.91 views

CVE-2023-6852

CVE-2023-6852 affects kalcaddle KodExplorer up to 4.51.03, via an issue in the file plugins/webodf/app.php that enables server-side request forgery (SSRF) . The vulnerability allows remote exploitation; the exploit has been disclosed publicly. A patch is available: upgrade to 4.52.01 . The provid...

9.8CVSS8.2AI score0.00762EPSS
CVE
CVE
added 2023/12/16 12:0 p.m.82 views

CVE-2023-6853

CVE-2023-6853 affects kalcaddle KodExplorer up to version 4.51.03. The vulnerability lies in the function index of the file plugins/officeLive/app.php, where manipulation of the path argument enables server-side request forgery (SSRF). The flaw can be exploited remotely and the exploit has been d...

9.8CVSS8.2AI score0.00701EPSS
Web
CVE
CVE
added 2022/12/06 6:8 p.m.68 views

CVE-2022-46154

CVE-2022-46154 affects KodExplorer (prior to v4.50). The issue lets unauthenticated users request arbitrary files from the host OS file system due to inadequate access control/path traversal. Impact: access to any files available to the host process. The vulnerability is addressed in version 4.50...

8.6CVSS8AI score0.0082EPSS
CVE
CVE
added 2023/12/16 8:31 a.m.65 views

CVE-2023-6850

CVE-2023-6850 affects kalcaddle KodExplorer up to version 4.51.03. The vulnerability resides in the API Endpoint Handler (file: /index.php?pluginApp/to/yzOffice/getFile) where manipulation of the path/file argument enables unrestricted upload. Exploitation can be performed remotely, and the vulne...

9.8CVSS8.2AI score0.00841EPSS
Web
CVE
CVE
added 2023/12/16 11:0 a.m.59 views

CVE-2023-6851

The CVE-2023-6851 vulnerability affects kalcaddle KodExplorer up to version 4.51.03, specifically the ZIP Archive Handler's function unzipList in plugins/zipView/app.php. The issue enables code injection, with remote exploitation and publicly disclosed exploit details. Mitigation: upgrade to vers...

9.8CVSS8.5AI score0.0091EPSS
Web