PT-2023-32791 · Kalcaddle · Kodexplorer
Glzjin · Published 2023-12-16 · Updated 2024-05-17 · CVE-2023-6850
CVSS v3.1: 9.8 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
kalcaddle KodExplorer versions up to 4.51.03
Description
A critical issue affects the API Endpoint Handler component, specifically the /index.php?pluginApp/to/yzOffice/getFile file. Manipulation of the path/file argument leads to an unrestricted file upload. The issue can be exploited remotely.
Recommendations
For versions up to 4.51.03, upgrade to version 4.52.01 to address this issue. As a temporary workaround, restrict access to the /index.php?pluginApp/to/yzOffice/getFile API endpoint until the upgrade is applied, and avoid using the path/file argument of the affected API endpoint until the issue is resolved.
Exploit
Fix
Weakness Enumeration
Unrestricted File Upload
Related Identifiers
Affected Products
Kodexplorer