CVE-2023-6850 | kalcaddle KodExplorer up to 4.51.03 API Endpoint path/file unrestricted upload

Inserito da Angelo Barbosa | Dic 15, 2023 | CVE

A vulnerability was found in kalcaddle KodExplorer up to 4.51.03. It has been declared as critical. This vulnerability affects unknown code of the file /index.php?pluginApp/to/yzOffice/getFile of the component API Endpoint Handler. The manipulation of the argument path/file leads to unrestricted upload.

This vulnerability was named CVE-2023-6850. The attack can be initiated remotely. Furthermore, there is an exploit available.

It is recommended to upgrade the affected component.

CVE-2023-6850 | kalcaddle KodExplorer up to 4.51.03 API Endpoint path/file unrestricted upload

Post correlati

CVE-2023-7021 | Tongda OA 2017 up to 11.9 delete_search.php VU_ID sql injection

CVE-2024-47612 | miraheze DataDump cross site scripting

CVE-2023-39340 | Ivanti Connect Secure up to 22.6R1 denial of service

CVE-2024-42302 | Linux Kernel up to 6.1.102/6.6.43/6.10.2 dpc_handler use after free