Filtered by vendor Kodcloud
Total: 28 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-6571 | 1 Kodcloud | 1 Kodexplorer | 2026-04-19 | 6.3 Medium |
| A weakness has been identified in kodcloud KodExplorer up to 4.52. Affected by this vulnerability is the function roleGroupAction of the file /app/controller/systemRole.class.php. Executing a manipulation of the argument group_role can lead to authorization bypass. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-6569 | 1 Kodcloud | 1 Kodexplorer | 2026-04-19 | 7.3 High |
| A vulnerability was identified in kodcloud KodExplorer up to 4.52. This impacts the function fileGet of the file /app/controller/share.class.php of the component fileGet Endpoint. Such manipulation of the argument fileUrl leads to improper authentication. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-6568 | 1 Kodcloud | 1 Kodexplorer | 2026-04-19 | 7.3 High |
| A vulnerability was determined in kodcloud KodExplorer up to 4.52. This affects the function share.class.php::initShareOld of the file /app/controller/share.class.php of the component Public Share Handler. This manipulation of the argument path causes path traversal. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-6570 | 1 Kodcloud | 1 Kodexplorer | 2026-04-19 | 2.7 Low |
| A security flaw has been discovered in kodcloud KodExplorer up to 4.52. Affected is the function initInstall of the file /app/controller/systemMember.class.php. Performing a manipulation of the argument path results in authorization bypass. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-1066 | 2 Kalcaddle, Kodcloud | 2 Kodbox, Kodbox | 2026-04-18 | 6.3 Medium |
| A vulnerability was detected in kalcaddle kodbox up to 1.61.10. This issue affects some unknown processing of the file /?explorer/index/zip of the component Compression Handler. The manipulation results in command injection. The attack may be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-34504 | 1 Kodcloud | 1 Kodexplorer | 2026-03-05 | 6.1 Medium |
| KodExplorer 4.52 contains an open redirect vulnerability in the user login page that allows attackers to manipulate the 'link' parameter. Attackers can craft malicious URLs in the link parameter to redirect users to arbitrary external websites after authentication. | ||||
| CVE-2023-48028 | 1 Kodcloud | 1 Kodbox | 2025-09-29 | 9.8 Critical |
| kodbox 1.46.01 has a security flaw that enables user enumeration. This problem is present on the login page, where an attacker can identify valid users based on varying response messages, potentially paving the way for a brute force attack. | ||||
| CVE-2024-51037 | 2 Kalcaddle, Kodcloud | 2 Kodbox, Kodbox | 2025-09-16 | 5.3 Medium |
| An issue in kodbox v.1.52.04 and before allows a remote attacker to obtain sensitive information via the captcha feature in the password reset function. | ||||
| CVE-2025-9414 | 2 Kalcaddle, Kodcloud | 2 Kodbox, Kodbox | 2025-09-12 | 4.7 Medium |
| A vulnerability was found in kalcaddle kodbox 1.61. Affected by this vulnerability is an unknown functionality of the file /?explorer/upload/serverDownload of the component Download from Link Handler. Performing manipulation of the argument url results in server-side request forgery. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-10233 | 2 Kalcaddle, Kodcloud | 2 Kodbox, Kodbox | 2025-09-12 | 6.3 Medium |
| A security vulnerability has been detected in kalcaddle kodbox 1.61. This affects the function fileGet/fileSave of the file app/controller/explorer/editor.class.php. The manipulation of the argument path leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-52068 | 1 Kodcloud | 1 Kodbox | 2025-06-17 | 6.1 Medium |
| kodbox v1.43 was discovered to contain a cross-site scripting (XSS) vulnerability via the operation and login logs. | ||||
| CVE-2023-39691 | 1 Kodcloud | 1 Kodbox | 2025-06-02 | 9.8 Critical |
| An issue discovered in kodbox through 1.43 allows attackers to arbitrarily add Administrator accounts via a crafted GET request. | ||||
| CVE-2023-52069 | 1 Kodcloud | 1 Kodbox | 2025-06-02 | 5.4 Medium |
| kodbox v1.49.04 was discovered to contain a cross-site scripting (XSS) vulnerability via the URL parameter. | ||||
| CVE-2023-49489 | 1 Kodcloud | 1 Kodexplorer | 2025-05-07 | 6.1 Medium |
| Reflective Cross Site Scripting (XSS) vulnerability in KodExplorer version 4.51 allows attackers to obtain sensitive information and escalate privileges via the APP_HOST parameter at config/i18n/en/main.php. | ||||
| CVE-2023-6853 | 1 Kodcloud | 1 Kodexplorer | 2025-05-07 | 6.3 Medium |
| A vulnerability classified as critical was found in kalcaddle KodExplorer up to 4.51.03. Affected by this vulnerability is the function index of the file plugins/officeLive/app.php. The manipulation of the argument path leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.52.01 is able to address this issue. The identifier of the patch is 5cf233f7556b442100cf67b5e92d57ceabb126c6. It is recommended to upgrade the affected component. The identifier VDB-248221 was assigned to this vulnerability. | ||||
| CVE-2022-46154 | 1 Kodcloud | 1 Kodexplorer | 2025-04-23 | 8.6 High |
| Kodexplorer is a Chinese-language web-based file manager and browser-based code editor. Versions prior to 4.50 did not prevent unauthenticated users from requesting arbitrary files from the host OS file system. As a result, any files available to the host process may be accessed by arbitrary users. This issue has been addressed in version 4.50. Users are advised to upgrade. There are no known workarounds for this issue. | ||||
| CVE-2023-29791 | 1 Kodcloud | 1 Kodbox | 2025-01-28 | 6.1 Medium |
| kodbox <= 1.37 is vulnerable to Cross Site Scripting (XSS) via the debug information. | ||||
| CVE-2023-29790 | 1 Kodcloud | 1 Kodbox | 2025-01-24 | 7.5 High |
| kodbox 1.2.x through 1.3.7 has a Sensitive Information Leakage issue. | ||||
| CVE-2023-6852 | 1 Kodcloud | 1 Kodexplorer | 2024-11-21 | 6.3 Medium |
| A vulnerability classified as critical has been found in kalcaddle KodExplorer up to 4.51.03. Affected is an unknown function of the file plugins/webodf/app.php. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.52.01 is able to address this issue. The name of the patch is 5cf233f7556b442100cf67b5e92d57ceabb126c6. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-248220. | ||||
| CVE-2023-6851 | 1 Kodcloud | 1 Kodexplorer | 2024-11-21 | 6.3 Medium |
| A vulnerability was found in kalcaddle KodExplorer up to 4.51.03. It has been rated as critical. This issue affects the function unzipList of the file plugins/zipView/app.php of the component ZIP Archive Handler. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.52.01 is able to address this issue. The patch is named 5cf233f7556b442100cf67b5e92d57ceabb126c6. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248219. | ||||