kalcaddle KodExplorer app.php server-side request forgery
CVE-2023-6852

9.8CRITICAL

Key Information:

Vendor

kalcaddle

Status
KodExplorer
Vendor
CVE Published:
16 December 2023

What is CVE-2023-6852?

A vulnerability has been identified in KodExplorer by kalcaddle, specifically in the file plugins/webodf/app.php. This flaw allows for server-side request forgery (SSRF) exploits to be executed remotely, potentially compromising server integrity and accessing internal resources. Users are strongly advised to upgrade to version 4.52.01, which includes a patch that addresses this vulnerability.

Affected Version(s)

KodExplorer 4.51.03

References

https://vuldb.com/?id.248220
vdb-entrytechnical-description
https://vuldb.com/?ctiid.248220
signaturepermissions-required
https://note.zhaoj.in/share/P6lQNyqQn3zY
broken-linkexploit

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

glzjin (VulDB User)
JSON
.