kalcaddle kodbox Path Traversal Vulnerability in File Output Function
Vulnerability
A path traversal vulnerability has been identified in kalcaddle kodbox versions through 1.61.09. The issue arises in the fileOut function within 'app/controller/explorer/index.class.php', where the user-controlled 'path' parameter is not properly sanitized before it is used to open files on the server. The vulnerability can be exploited remotely, allowing an authenticated attacker to read arbitrary files from the system.
Impact
Exploitation of this vulnerability allows for arbitrary file read, which could lead to exposure of sensitive information on the server.
Reproduction
To reproduce this vulnerability, send a GET request to the application with the 'explorer/index/fileOut' path and include a 'path' parameter with a value that specifies a file to read, such as '/etc/passwd'. Ensure that the request includes a valid session cookie and CSRF token.
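The defect is a missing containment check between the request parameter and the filesystem call. The following is an added illustration, not kodbox's own code or its patch: a hypothetical `resolveWithinBase` helper that canonicalizes the supplied path and refuses anything outside an assumed base directory, shown beside the unchecked pattern.

```php
<?php
// Added example (not from the kodbox project). The base directory, the helper
// names and the demo files are assumptions made for illustration.

// Canonicalize $userPath underneath $base and return the resolved path, or
// null when it cannot be resolved or escapes the base directory.
function resolveWithinBase(string $base, string $userPath): ?string {
    // NUL bytes can truncate the path in underlying C library calls.
    if (strpos($userPath, "\0") !== false) {
        return null;
    }
    $realBase = realpath($base);
    if ($realBase === false) {
        return null;
    }
    // Always join under the base; a leading '/' must not turn it absolute.
    $candidate = $realBase . DIRECTORY_SEPARATOR . ltrim($userPath, "/\\");
    // realpath() collapses '.' and '..' and follows symlinks, so a symlink
    // inside the base that points outside is also rejected below.
    $real = realpath($candidate);
    if ($real === false) {
        return null;
    }
    $prefix = rtrim($realBase, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($real !== $realBase && strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null; // resolved outside the base directory
    }
    return $real;
}

// Unchecked pattern: the parameter reaches the filesystem as supplied.
function fileOutUnchecked(string $path): void {
    readfile($path);
}

// Hardened pattern: resolve, verify containment, then serve.
function fileOutChecked(string $base, string $path): void {
    $real = resolveWithinBase($base, $path);
    if ($real === null || !is_file($real)) {
        http_response_code(403);
        return;
    }
    header('Content-Type: application/octet-stream');
    readfile($real);
}

// Constructed demo (CLI): a file inside the base resolves, a traversal
// attempt is rejected.
$base = sys_get_temp_dir() . '/traversal_demo_' . getmypid();
mkdir($base);
file_put_contents("$base/hello.txt", "ok\n");
var_dump(resolveWithinBase($base, 'hello.txt'));
var_dump(resolveWithinBase($base, '../../../etc/passwd'));
unlink("$base/hello.txt");
rmdir($base);
```

The check must run on the canonicalized path, not on the raw string, because encoded or mixed separators and `..` segments only become meaningful after resolution.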
