PT-2025-54428 · Unknown · Kohana Kodicms
Hiro
·
Published
2025-12-31
·
Updated
2025-12-31
·
CVE-2025-15393
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Kohana KodiCMS versions prior to 13.82.135
Description
A security issue exists in Kohana KodiCMS. The
Save function within the file cms/modules/kodicms/classes/kodicms/model/file.php of the Layout API Endpoint is affected. Manipulation of the content argument can lead to code injection. This attack can be initiated remotely. The exploit has been publicly disclosed.Recommendations
Update Kohana KodiCMS to a version later than 13.82.135.
Exploit
Fix
Special Elements Injection
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Kohana Kodicms