Skip to main content

Kodbox

10 CVEs product

Monthly

CVE-2026-5618 LOW POC Monitor

Server-side request forgery (SSRF) in Kalcaddle Kodbox up to version 1.64 allows unauthenticated remote attackers to perform arbitrary network requests via manipulation of the siteFrom/siteTo parameters in the shareMake/shareCheck component, with publicly available exploit code and high attack complexity. The vendor has not responded to disclosure efforts, leaving affected installations vulnerable to information disclosure and potential lateral network attacks.

SSRF Kodbox
NVD VulDB
CVSS 4.0
2.9
EPSS
0.0%
CVE-2026-1066 LOW Monitor

Kodbox versions up to 1.61.10 contain a command injection vulnerability in the compression handler component that allows authenticated remote attackers to execute arbitrary commands with network access. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor.

Command Injection Kodbox
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.3%
CVE-2024-51037 MEDIUM POC This Month

An issue in kodbox v.1.52.04 and before allows a remote attacker to obtain sensitive information via the captcha feature in the password reset function. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Kodbox
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-6849 CRITICAL PATCH Act Now

A vulnerability was found in kalcaddle kodbox up to 1.48. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF PHP Kodbox
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-6848 CRITICAL PATCH Act Now

A vulnerability was found in kalcaddle kodbox up to 1.48. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

PHP Command Injection Kodbox
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
2.3%
CVE-2023-48028 CRITICAL POC Act Now

kodbox 1.46.01 has a security flaw that enables user enumeration. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Kodbox
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-45998 MEDIUM This Month

kodbox 1.44 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Kodbox
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-3607 HIGH POC This Week

A vulnerability was found in kodbox 1.26. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Kodbox
NVD GitHub VulDB
CVSS 3.1
8.0
EPSS
6.4%
CVE-2023-29790 HIGH This Week

kodbox 1.2.x through 1.3.7 has a Sensitive Information Leakage issue. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kodbox
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-29791 MEDIUM This Month

kodbox <= 1.37 is vulnerable to Cross Site Scripting (XSS) via the debug information. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Kodbox
NVD
CVSS 3.1
6.1
EPSS
0.4%
EPSS 0% CVSS 2.9
LOW POC Monitor

Server-side request forgery (SSRF) in Kalcaddle Kodbox up to version 1.64 allows unauthenticated remote attackers to perform arbitrary network requests via manipulation of the siteFrom/siteTo parameters in the shareMake/shareCheck component, with publicly available exploit code and high attack complexity. The vendor has not responded to disclosure efforts, leaving affected installations vulnerable to information disclosure and potential lateral network attacks.

SSRF Kodbox
NVD VulDB
EPSS 0% CVSS 2.1
LOW Monitor

Kodbox versions up to 1.61.10 contain a command injection vulnerability in the compression handler component that allows authenticated remote attackers to execute arbitrary commands with network access. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor.

Command Injection Kodbox
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

An issue in kodbox v.1.52.04 and before allows a remote attacker to obtain sensitive information via the captcha feature in the password reset function. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Kodbox
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

A vulnerability was found in kalcaddle kodbox up to 1.48. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF PHP Kodbox
NVD GitHub VulDB
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

A vulnerability was found in kalcaddle kodbox up to 1.48. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

PHP Command Injection Kodbox
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

kodbox 1.46.01 has a security flaw that enables user enumeration. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Kodbox
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM This Month

kodbox 1.44 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Kodbox
NVD GitHub
EPSS 6% CVSS 8.0
HIGH POC This Week

A vulnerability was found in kodbox 1.26. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Kodbox
NVD GitHub VulDB
EPSS 1% CVSS 7.5
HIGH This Week

kodbox 1.2.x through 1.3.7 has a Sensitive Information Leakage issue. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kodbox
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

kodbox <= 1.37 is vulnerable to Cross Site Scripting (XSS) via the debug information. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Kodbox
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy