CVE-2025-15393 | Kohana KodiCMS up to 13.82.135 Layout API Endpoint file.php save content code injection

A vulnerability marked as critical has been reported in Kohana KodiCMS up to 13.82.135. This impacts the function Save of the file cms/modules/kodicms/classes/kodicms/model/file.php of the component Layout API Endpoint. The manipulation of the argument content leads to code injection.

This vulnerability is documented as CVE-2025-15393. The attack can be initiated remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-15393 | Kohana KodiCMS up to 13.82.135 Layout API Endpoint file.php save content code injection

Post correlati

CVE-2022-23862 | Y Soft SAFEQ 6 Build 53 SafeQ JMX Service Local Privilege Escalation

CVE-2024-36115 | dzikoysk reposilite up to 3.5.11 cross site scripting (GHSA-9w8w-34vr-65j2)

CVE-2024-28595 | Employee Management System 1.0 update-admin.php admin_id sql injection

CVE-2024-1706 | ZKTeco ZKBio Access IVS up to 3.3.2 Department Name Search Bar cross site scripting