5 matches found
CVE-2023-6852
CVE-2023-6852 affects kalcaddle KodExplorer up to 4.51.03, via an issue in the file plugins/webodf/app.php that enables server-side request forgery (SSRF) . The vulnerability allows remote exploitation; the exploit has been disclosed publicly. A patch is available: upgrade to 4.52.01 . The provid...
CVE-2023-6853
CVE-2023-6853 affects kalcaddle KodExplorer up to version 4.51.03. The vulnerability lies in the function index of the file plugins/officeLive/app.php, where manipulation of the path argument enables server-side request forgery (SSRF). The flaw can be exploited remotely and the exploit has been d...
CVE-2022-46154
CVE-2022-46154 affects KodExplorer (prior to v4.50). The issue lets unauthenticated users request arbitrary files from the host OS file system due to inadequate access control/path traversal. Impact: access to any files available to the host process. The vulnerability is addressed in version 4.50...
CVE-2023-6850
CVE-2023-6850 affects kalcaddle KodExplorer up to version 4.51.03. The vulnerability resides in the API Endpoint Handler (file: /index.php?pluginApp/to/yzOffice/getFile) where manipulation of the path/file argument enables unrestricted upload. Exploitation can be performed remotely, and the vulne...
CVE-2023-6851
The CVE-2023-6851 vulnerability affects kalcaddle KodExplorer up to version 4.51.03, specifically the ZIP Archive Handler's function unzipList in plugins/zipView/app.php. The issue enables code injection, with remote exploitation and publicly disclosed exploit details. Mitigation: upgrade to vers...