CVE-2025-11016 | kalcaddle kodbox up to 1.61.09 index.class.php fileOut path path traversal

Inserito da Angelo Barbosa | Set 26, 2025 | CVE

A vulnerability labeled as critical has been found in kalcaddle kodbox up to 1.61.09. The affected element is the function fileOut of the file app/controller/explorer/index.class.php. Such manipulation of the argument path leads to path traversal.

This vulnerability is listed as CVE-2025-11016. The attack may be performed from remote. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-11016 | kalcaddle kodbox up to 1.61.09 index.class.php fileOut path path traversal

Post correlati

CVE-2024-6965 | Tenda O3 1.0.0.10 fromVirtualSet ip/localPort/publicPort/app stack-based overflow

CVE-2024-2744 | NextGEN Gallery Plugin up to 3.59.0 on WordPress Setting cross site scripting

CVE-2024-38892 | Wavlink WN551K1 ExportAllSettings.sh information disclosure

CVE-2024-45508 | HTMLDOC up to 1.9.18 ps-pdf.cxx parse_paragraph out-of-bounds write (Issue 528)