A vulnerability was found in kalcaddle kodbox up to 1.48. It has been declared as critical. Affected by this vulnerability is the function check of the file plugins/officeViewer/controller/libreOffice/index.class.php. The manipulation of the argument soffice leads to command injection.

This vulnerability is known as CVE-2023-6848. The attack can be launched remotely. Furthermore, there is an exploit available.

It is recommended to upgrade the affected component.