A vulnerability was found in kalcaddle KodExplorer up to 4.51.03. It has been declared as critical. This vulnerability affects unknown code of the file /index.php?pluginApp/to/yzOffice/getFile of the component API Endpoint Handler. The manipulation of the argument path/file leads to unrestricted upload.

This vulnerability was named CVE-2023-6850. The attack can be initiated remotely. Furthermore, there is an exploit available.

It is recommended to upgrade the affected component.