PT-2026-8349 · Unknown+1 · Kalcaddle Kodbox+1
Snkn0W · Published 2026-02-16 · Updated 2026-02-19 · CVE-2026-2560
CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
kalcaddle kodbox versions up to 1.64.05
Description
A flaw exists in kalcaddle kodbox that allows for operating system command injection. This occurs through manipulation of the localFile argument within the run function of the plugins/fileThumb/lib/VideoResize.class.php file, part of the Media File Preview Plugin component. The attack can be carried out remotely. The exploit for this issue has been publicly disclosed. The vendor was informed of the disclosure but did not provide a response.
Recommendations
Versions prior to 1.64.05 should be updated. As a temporary workaround, consider restricting access to the plugins/fileThumb/lib/VideoResize.class.php file.
Exploit
Fix
OS Command Injection
Command Injection
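As an added illustration (not kodbox's code and not a vendor fix), the PHP sketch below shows one way a file path such as localFile can be handed to an external media tool without any shell interpretation. The function name, the storage-root parameter, the use of ffmpeg, PHP 7.4+ and a Linux host are assumptions; the page does not show the plugin's actual command.

```php
<?php
// Added illustration; not kodbox code. makeVideoThumb(), $baseDir and the
// ffmpeg invocation are assumptions made for this sketch.

/**
 * Validate a caller-supplied local path and create a one-frame thumbnail
 * from it without ever passing the path through a shell.
 * $outFile is expected to be chosen by the server, never by the client.
 */
function makeVideoThumb(string $localFile, string $baseDir, string $outFile): bool
{
    // Resolve symlinks and ".." so the containment check sees the real location.
    $real = realpath($localFile);
    $base = realpath($baseDir);
    if ($real === false || $base === false || !is_file($real)) {
        return false;
    }

    // Accept only files that live below the storage root.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return false;
    }

    // Argument vector instead of a command string: when given an array,
    // proc_open() (PHP 7.4+) starts the program directly, so quotes,
    // backticks, ';' or '$()' in the file name stay literal characters.
    // realpath() returns an absolute path, so the name cannot begin with '-'
    // and be read as an option by the tool.
    $argv = ['ffmpeg', '-nostdin', '-loglevel', 'error', '-y',
             '-i', $real, '-frames:v', '1', $outFile];

    // No stdin and no captured output are needed for this step.
    $spec = [
        0 => ['file', '/dev/null', 'r'],
        1 => ['file', '/dev/null', 'w'],
        2 => ['file', '/dev/null', 'w'],
    ];

    $proc = proc_open($argv, $spec, $pipes);
    if (!is_resource($proc)) {
        return false;
    }

    // proc_close() waits for the child and returns its exit status.
    return proc_close($proc) === 0;
}
```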
Related Identifiers
Affected Products
Media File Preview Plugin
Kalcaddle Kodbox