Unknown · Kalcaddle Kodbox · CVE-2026-2560
**Name of the Vulnerable Software and Affected Versions**
kalcaddle kodbox versions up to 1.64.05
**Description**
A flaw exists in kalcaddle kodbox that allows for operating system command injection. This occurs through manipulation of the `localFile` argument within the `run` function of the `plugins/fileThumb/lib/VideoResize.class.php` file, part of the Media File Preview Plugin component. The attack can be carried out remotely. The exploit for this issue has been publicly disclosed. The vendor was informed of the disclosure but did not provide a response.
**Recommendations**
Versions prior to 1.64.05 should be updated. As a temporary workaround, consider restricting access to the `plugins/fileThumb/lib/VideoResize.class.php` file.
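
For code that must pass a value like `localFile` to an external program, the following added example (not kodbox's code and not a vendor patch) shows the defensive pattern: resolve and confine the path, then start the process from an argument array so no shell ever parses the file name. Assumptions: the external tool is ffmpeg, PHP is 7.4 or later, and `buildThumbArgv`, `runArgv`, `$storageRoot` and `$thumbDir` are hypothetical names.

```php
<?php
declare(strict_types=1);

// Added example, not kodbox code. Assumptions: the external tool is ffmpeg,
// PHP >= 7.4, and $storageRoot / $thumbDir are server-side configuration.
// Generic unsafe pattern this replaces: shell_exec('ffmpeg -i ' . $localFile . ' ...');

/** Validate $localFile and return an argv array in which it is one element. */
function buildThumbArgv(string $localFile, string $storageRoot, string $thumbDir): array
{
    $real = realpath($localFile);
    $root = realpath($storageRoot);
    if ($real === false || $root === false || !is_file($real)) {
        throw new InvalidArgumentException('localFile is not an existing regular file');
    }
    // Reject anything that resolves outside the storage root (symlinks, "..").
    if (strncmp($real, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        throw new InvalidArgumentException('localFile is outside the storage root');
    }
    // Output name is derived server-side, never taken from the request.
    $out = rtrim($thumbDir, '/\\') . DIRECTORY_SEPARATOR . hash('sha256', $real) . '.jpg';
    // $real is absolute, so it cannot start with "-" and be parsed as an option.
    return ['ffmpeg', '-nostdin', '-y', '-i', $real, '-frames:v', '1', $out];
}

/** Run argv directly: the array form of proc_open() does not start a shell. */
function runArgv(array $argv): int
{
    $null = PHP_OS_FAMILY === 'Windows' ? 'NUL' : '/dev/null';
    $spec = [0 => ['file', $null, 'r'], 1 => ['file', $null, 'w'], 2 => ['file', $null, 'w']];
    $proc = proc_open($argv, $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start process');
    }
    return proc_close($proc); // waits for exit and returns the exit code
}

// Constructed sample input: a file name containing a space and a semicolon.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'kod_demo_' . bin2hex(random_bytes(4));
mkdir($root);
$sample = $root . DIRECTORY_SEPARATOR . 'clip one;two.mp4';
touch($sample);
$argv = buildThumbArgv($sample, $root, sys_get_temp_dir());
var_dump($argv[4] === realpath($sample)); // the whole name is a single argument
// runArgv($argv) would invoke ffmpeg here; the name is never parsed by a shell.
unlink($sample);
rmdir($root);
```

Where a shell command string cannot be avoided, wrapping each value in `escapeshellarg()` is the fallback, but the array form removes the quoting step entirely.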