kalcaddle kodbox app.php cover server-side request forgery
CVE-2023-6849

7.3 HIGH

Key Information:

Vendor:
Kalcaddle
Status:
Vendor
CVE Published:
16 December 2023

What is CVE-2023-6849?

Kalcaddle kodbox up to version 1.48 contains a server-side request forgery (SSRF) in the 'cover' function of plugins/fileThumb/app.php. By passing crafted arguments to this function, a remote attacker can make the kodbox server issue requests of the attacker's choosing, potentially reaching resources that are accessible to the server but should not be reachable from outside (the usual SSRF targets being services bound to localhost or the internal network). The flaw is exploitable over the network without any privileges or user interaction, which is what makes it a practical concern for every exposed instance. Upgrading to version 1.48.04 or later resolves the issue; the fix is the commit identified as 63a4d5708d210f119c24afd941d01a943e25334c, and installations that cannot upgrade immediately should apply that patch.
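The following Python is an added illustration of the vulnerability class and of the check that closes it; it is not kodbox's code and says nothing about how plugins/fileThumb/app.php actually builds its request. It assumes a feature shaped like the one the advisory names (the server fetches a cover image from a user-supplied URL) and shows the vetting such a feature needs: only http/https, no embedded credentials, every address the host resolves to is checked, and loopback, link-local (which covers the 169.254.169.254 cloud metadata address), private, IPv4-mapped and other non-public ranges are refused. Python is used instead of kodbox's PHP so the check can be run as-is; the function names and the DNS table are hypothetical and constructed for the example.

```python
"""Vetting a user-supplied URL before a server fetches it (anti-SSRF).

Added illustration of the vulnerability class in CVE-2023-6849. This is not
kodbox's code and makes no claim about the internals of
plugins/fileThumb/app.php; all names below are hypothetical.
"""
import ipaddress
import socket
from urllib.parse import urlsplit

# Ranges a server-side fetcher must never reach that the per-address flags of
# the ipaddress module do not flag on their own.
_EXTRA_BLOCKED = (
    ipaddress.ip_network("100.64.0.0/10"),  # RFC 6598 shared address space
)


def system_resolve(host: str) -> list:
    """Every A/AAAA answer for host (or the literal itself), as strings."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_public_address(addr: str) -> bool:
    """True only for a globally routable unicast address."""
    ip = ipaddress.ip_address(addr)
    # ::ffff:127.0.0.1 is loopback wearing an IPv6 coat: unwrap before testing.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    if (ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_multicast
            or ip.is_reserved or ip.is_unspecified):
        return False
    return not any(ip in net for net in _EXTRA_BLOCKED)


def vet_cover_url(url: str, resolve=system_resolve) -> list:
    """Return the public addresses url may be fetched from, else raise ValueError.

    The caller should connect to one of the returned addresses directly and put
    the hostname in the Host header / SNI, rather than resolving the name a
    second time: that second lookup is what a DNS-rebinding attacker waits for.
    """
    try:
        parts = urlsplit(url)
    except ValueError as exc:
        raise ValueError("malformed URL") from exc
    if parts.scheme not in ("http", "https"):        # no file:, gopher:, php:, ...
        raise ValueError("scheme must be http or https")
    if parts.username is not None or parts.password is not None:
        raise ValueError("credentials in the URL are not allowed")
    host = parts.hostname
    if not host:
        raise ValueError("URL has no host")
    # Resolve even literal hosts: odd spellings such as decimal 2130706433 are
    # normalised by the system resolver, and a literal the resolver refuses
    # fails closed here instead of slipping past a string check.
    try:
        addrs = resolve(host)
    except (socket.gaierror, ValueError) as exc:
        raise ValueError(f"{host!r} does not resolve") from exc
    if not addrs:
        raise ValueError(f"{host!r} has no addresses")
    blocked = [a for a in addrs if not is_public_address(a)]
    if blocked:
        raise ValueError(f"{host!r} resolves to non-public address(es) {blocked}")
    return addrs


# Constructed DNS table so the check can be exercised offline; the names and
# answers are made up for this example.
CONSTRUCTED_DNS = {
    "cdn.example.com": ["8.8.8.8", "2001:4860:4860::8888"],
    "intranet.example.com": ["10.0.0.5"],
    "mixed.example.com": ["8.8.8.8", "10.0.0.5"],   # one public, one private
    "localhost": ["127.0.0.1", "::1"],
}


def constructed_resolve(host: str) -> list:
    """Offline stand-in for system_resolve backed by CONSTRUCTED_DNS."""
    if host in CONSTRUCTED_DNS:
        return list(CONSTRUCTED_DNS[host])
    return [str(ipaddress.ip_address(host))]   # literal IP; ValueError otherwise


if __name__ == "__main__":
    for candidate in (
        "https://cdn.example.com/covers/1.png",
        "http://localhost:8080/admin",
        "http://169.254.169.254/latest/meta-data/",
        "http://[::ffff:127.0.0.1]/",
        "file:///etc/passwd",
        "http://mixed.example.com/x.png",
    ):
        try:
            print("allow", candidate, vet_cover_url(candidate, constructed_resolve))
        except ValueError as err:
            print("deny ", candidate, "->", err)
```

Two caveats a reviewer would raise even with this check in place: the HTTP client must not follow redirects on its own (each redirect target has to go through vet_cover_url again, since a public host can 302 to http://127.0.0.1/), and a host that resolves to a mix of public and private addresses is rejected outright rather than "fetched from the public one", because the client library, not this code, decides which answer it connects to.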

Affected Version(s)

kodbox 1.0

kodbox 1.1

kodbox 1.2

CVSS V3.1

Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Score:
7.3
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability reserved

  • Vulnerability published (16 December 2023)

Credit

glzjin (VulDB User)