PT-2025-54416 · Unknown · Kohana Kodicms

Hiro · Published 2025-12-31 · Updated 2025-12-31 · CVE-2025-15392

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Kohana KodiCMS versions through 13.82.135

Description: A flaw exists in Kohana KodiCMS that could allow for remote code execution. The issue stems from manipulation of the keyword argument of the like function in the file cms/modules/pages/classes/kodicms/model/page.php, reached through the Search API Endpoint, and leads to SQL injection. The exploit for this issue is publicly available. The vendor was notified but did not respond.

Recommendations: Versions prior to 13.82.135 should be used. As a temporary workaround, consider restricting access to the Search API Endpoint until a patch is available.

Fix

Weakness Enumeration: Special Elements Injection; SQL injection

Related Identifiers: CVE-2025-15392

Affected Products: Kohana Kodicms