CVE-2025-11016 | kalcaddle kodbox up to 1.61.09 index.class.php fileOut path path traversal

Inserito da Angelo Barbosa | Set 26, 2025 | CVE

A vulnerability labeled as critical has been found in kalcaddle kodbox up to 1.61.09. The affected element is the function fileOut of the file app/controller/explorer/index.class.php. Such manipulation of the argument path leads to path traversal.

This vulnerability is listed as CVE-2025-11016. The attack may be performed from remote. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-11016 | kalcaddle kodbox up to 1.61.09 index.class.php fileOut path path traversal

Post correlati

CVE-2023-52325 | Trend Micro Apex Central WFProxy file inclusion

CVE-2025-4479 | ElementsKit Elementor Addons and Templates Plugin up to 3.5.2 on WordPress Image Comparison Widget cross site scripting

CVE-2024-2410 | protocolbuffers protobuf up to 4.24.x JsonToBinaryStream use after free

CVE-2024-45567 | Qualcomm Snapdragon Compute FastConnect 6900 up to WSA8832 JPEG Encoding use after free