VYPR

Kodbox

by Kodcloud

CVEs (23)

  • CVE-2026-8753 | Med | May 17, 2026
    risk 0.41 | cvss 6.3 | epss 0.01

    A security vulnerability has been detected in kalcaddle Kodbox up to 1.64. This issue affects the function parseVideoInfo of the file /workspace/source-code/plugins/fileThumb/lib/VideoResize.class.php of the component fileThumb Plugin. The manipulation of the argument ffmpegBin…

  • CVE-2026-4589 | Med | Mar 23, 2026
    risk 0.41 | cvss 6.3 | epss 0.00

    A vulnerability was identified in kalcaddle kodbox 1.64. The affected element is the function PathDriverUrl of the file /workspace/source-code/app/controller/explorer/editor.class.php of the component fileGet Endpoint. Such manipulation of the argument path leads to server-side…

  • CVE-2026-2560 | Med | Feb 16, 2026
    risk 0.41 | cvss 6.3 | epss 0.02

    A vulnerability has been found in kalcaddle kodbox up to 1.64.05. The impacted element is the function run of the file plugins/fileThumb/lib/VideoResize.class.php of the component Media File Preview Plugin. Such manipulation of the argument localFile leads to os command…

  • CVE-2026-1066 | Med | Jan 17, 2026
    risk 0.41 | cvss 6.3 | epss 0.05

    A vulnerability was detected in kalcaddle kodbox up to 1.61.10. This issue affects some unknown processing of the file /?explorer/index/zip of the component Compression Handler. The manipulation results in command injection. The attack may be launched remotely. The exploit is…

  • CVE-2025-10233 | Med | Sep 10, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    A security vulnerability has been detected in kalcaddle kodbox 1.61. This affects the function fileGet/fileSave of the file app/controller/explorer/editor.class.php. The manipulation of the argument path leads to path traversal. The attack can be initiated remotely. The exploit…

  • CVE-2026-5618 | Med | Apr 6, 2026
    risk 0.36 | cvss 5.6 | epss 0.00

    A vulnerability was detected in kalcaddle kodbox up to 1.64. This affects an unknown function of the component shareMake/shareCheck. Performing a manipulation of the argument siteFrom/siteTo results in server-side request forgery. The attack is possible to be carried out…

  • CVE-2026-4830 | Med | Mar 26, 2026
    risk 0.36 | cvss 5.6 | epss 0.00

    A vulnerability was identified in kalcaddle kodbox 1.64. This issue affects the function Add of the file app/controller/explorer/userShare.class.php of the component Public Share Handler. Such manipulation leads to unrestricted upload. The attack can be executed remotely. This…

  • CVE-2026-4592 | Med | Mar 23, 2026
    risk 0.36 | cvss 5.6 | epss 0.00

    A security vulnerability has been detected in kalcaddle kodbox 1.64. This impacts the function loginAfter/tfaVerify of the file /workspace/source-code/plugins/client/controller/tfa/index.class.php of the component Password Login. The manipulation leads to improper…

  • CVE-2026-4591 | Med | Mar 23, 2026
    risk 0.31 | cvss 4.7 | epss 0.02

    A weakness has been identified in kalcaddle kodbox 1.64. This affects the function checkBin of the file /workspace/source-code/plugins/fileThumb/app.php of the component fileThumb Endpoint. Executing a manipulation can lead to os command injection. The attack can be executed…

  • CVE-2025-9414 | Med | Aug 25, 2025
    risk 0.31 | cvss 4.7 | epss 0.00

    A vulnerability was found in kalcaddle kodbox 1.61. Affected by this vulnerability is an unknown functionality of the file /?explorer/upload/serverDownload of the component Download from Link Handler. Performing manipulation of the argument url results in server-side request…

  • CVE-2025-11016 | Med | Sep 26, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    A security vulnerability has been detected in kalcaddle kodbox up to 1.61.09. The affected element is the function fileOut of the file app/controller/explorer/index.class.php. Such manipulation of the argument path leads to path traversal. The attack may be performed from…

  • CVE-2026-4831 | Low | Mar 26, 2026
    risk 0.24 | cvss 3.7 | epss 0.00

    A security flaw has been discovered in kalcaddle kodbox 1.64. Impacted is the function can of the file /workspace/source-code/app/controller/explorer/auth.class.php of the component Password-protected Share Handler. Performing a manipulation results in improper authentication.…

  • CVE-2026-4588 | Low | Mar 23, 2026
    risk 0.24 | cvss 3.7 | epss 0.00

    A vulnerability was determined in kalcaddle kodbox 1.64. Impacted is the function shareSafeGroup of the file /workspace/source-code/app/controller/explorer/shareOut.class.php of the component Site-level API key Handler. This manipulation of the argument sk causes use of…

  • CVE-2026-4590 | Low | Mar 23, 2026
    risk 0.20 | cvss 3.1 | epss 0.00

    A security flaw has been discovered in kalcaddle kodbox 1.64. The impacted element is an unknown function of the file /workspace/source-code/plugins/oauth/controller/bind/index.class.php of the component loginSubmit API. Performing a manipulation of the argument third results in…

  • CVE-2024-51037 | Nov 15, 2024
    risk 0.00 | cvss | epss 0.00

    An issue in kodbox v.1.52.04 and before allows a remote attacker to obtain sensitive information via the captcha feature in the password reset function.

  • CVE-2023-39691 | Jan 16, 2024
    risk 0.00 | cvss | epss 0.01

    An issue discovered in kodbox through 1.43 allows attackers to arbitrarily add Administrator accounts via crafted GET request.

  • CVE-2023-6849 | Dec 16, 2023
    risk 0.00 | cvss | epss 0.01

    A vulnerability was found in kalcaddle kodbox up to 1.48. It has been rated as critical. Affected by this issue is the function cover of the file plugins/fileThumb/app.php. The manipulation of the argument path leads to server-side request forgery. The attack may be launched…

  • CVE-2023-6848 | Dec 16, 2023
    risk 0.00 | cvss | epss 0.02

    A vulnerability was found in kalcaddle kodbox up to 1.48. It has been declared as critical. Affected by this vulnerability is the function check of the file plugins/officeViewer/controller/libreOffice/index.class.php. The manipulation of the argument soffice leads to command…

  • CVE-2023-48028 | Nov 17, 2023
    risk 0.00 | cvss | epss 0.01

    kodbox 1.46.01 has a security flaw that enables user enumeration. This problem is present on the login page, where an attacker can identify valid users based on varying response messages, potentially paving the way for a brute force attack.

  • CVE-2023-45998 | Oct 23, 2023
    risk 0.00 | cvss | epss 0.00

    kodbox 1.44 is vulnerable to Cross Site Scripting (XSS). Customizing global HTML results in storing XSS.

Page 1 of 2