VYPR

Kodexplorer

by Kodcloud

Source repositories

CVEs (13)

  • CVE-2026-6569HigApr 19, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was identified in kodcloud KodExplorer up to 4.52. This impacts the function fileGet of the file /app/controller/share.class.php of the component fileGet Endpoint. Such manipulation of the argument fileUrl leads to improper authentication. The attack can be…

  • CVE-2026-6568HigApr 19, 2026
    risk 0.47cvss 7.3epss 0.01

    A vulnerability was determined in kodcloud KodExplorer up to 4.52. This affects the function share.class.php::initShareOld of the file /app/controller/share.class.php of the component Public Share Handler. This manipulation of the argument path causes path traversal. The attack…

  • CVE-2026-6571MedApr 19, 2026
    risk 0.41cvss 6.3epss 0.00

    A weakness has been identified in kodcloud KodExplorer up to 4.52. Affected by this vulnerability is the function roleGroupAction of the file /app/controller/systemRole.class.php. Executing a manipulation of the argument group_role can lead to authorization bypass. The attack…

  • CVE-2026-6572MedApr 19, 2026
    risk 0.36cvss 5.6epss 0.00

    A security vulnerability has been detected in Collabora KodExplorer up to 4.52. Affected by this issue is some unknown functionality of the file /app/controller/share.class.php of the component fileUpload Endpoint. The manipulation of the argument fileUpload leads to improper…

  • CVE-2026-6570LowApr 19, 2026
    risk 0.18cvss 2.7epss 0.00

    A security flaw has been discovered in kodcloud KodExplorer up to 4.52. Affected is the function initInstall of the file /app/controller/systemMember.class.php. Performing a manipulation of the argument path results in authorization bypass. The attack may be initiated remotely.…

  • CVE-2022-4944Apr 22, 2023
    risk 0.03cvss epss 0.03

    A vulnerability, which was classified as problematic, has been found in kalcaddle KodExplorer up to 4.49. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been…

  • CVE-2025-34504Dec 11, 2025
    risk 0.00cvss epss 0.00

    KodExplorer 4.52 contains an open redirect vulnerability in the user login page that allows attackers to manipulate the 'link' parameter. Attackers can craft malicious URLs in the link parameter to redirect users to arbitrary external websites after authentication.

  • CVE-2023-6853Dec 16, 2023
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical was found in kalcaddle KodExplorer up to 4.51.03. Affected by this vulnerability is the function index of the file plugins/officeLive/app.php. The manipulation of the argument path leads to server-side request forgery. The attack can be…

  • CVE-2023-6852Dec 16, 2023
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical has been found in kalcaddle KodExplorer up to 4.51.03. Affected is an unknown function of the file plugins/webodf/app.php. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has…

  • CVE-2023-6851Dec 16, 2023
    risk 0.00cvss epss 0.01

    A vulnerability was found in kalcaddle KodExplorer up to 4.51.03. It has been rated as critical. This issue affects the function unzipList of the file plugins/zipView/app.php of the component ZIP Archive Handler. The manipulation leads to code injection. The attack may be…

  • CVE-2023-6850Dec 16, 2023
    risk 0.00cvss epss 0.01

    A vulnerability was found in kalcaddle KodExplorer up to 4.51.03. It has been declared as critical. This vulnerability affects unknown code of the file /index.php?pluginApp/to/yzOffice/getFile of the component API Endpoint Handler. The manipulation of the argument path/file…

  • CVE-2023-37153Jul 10, 2023
    risk 0.00cvss epss 0.01

    KodExplorer 4.51 contains a Cross-Site Scripting (XSS) vulnerability in the Description box of the Light App creation feature. An attacker can exploit this vulnerability by injecting XSS syntax into the Description field.

  • CVE-2022-46154Dec 6, 2022
    risk 0.00cvss epss 0.01

    Kodexplorer is a chinese language web based file manager and browser based code editor. Versions prior to 4.50 did not prevent unauthenticated users from requesting arbitrary files from the host OS file system. As a result any files available to the host process may be accessed…