PT-2026-8349 · Unknown+1 · Kalcaddle Kodbox+1
Snkn0W · Published 2026-02-16 · Updated 2026-02-19
CVE-2026-2560
CVSS v2.0: 6.5 (Medium)
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
kalcaddle kodbox versions up to 1.64.05
Description
A flaw exists in kalcaddle kodbox that allows for operating system command injection. This occurs through manipulation of the localFile argument within the run function of the plugins/fileThumb/lib/VideoResize.class.php file, part of the Media File Preview Plugin component. The attack can be carried out remotely. The exploit for this issue has been publicly disclosed. The vendor was informed of the disclosure but did not provide a response.
Recommendations
Versions prior to 1.64.05 should be updated. As a temporary workaround, consider restricting access to the plugins/fileThumb/lib/VideoResize.class.php file.
Exploit
Fix
OS Command Injection
Command Injection
Related identifiers
Affected products
Media File Preview Plugin
Kalcaddle Kodbox