CVE-2023-6852: kalcaddle KodExplorer app.php server-side request forgery
First published: Sat Dec 16 2023(Updated: )
A vulnerability classified as critical has been found in kalcaddle KodExplorer up to 4.51.03. Affected is an unknown function of the file plugins/webodf/app.php. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.52.01 is able to address this issue. The name of the patch is 5cf233f7556b442100cf67b5e92d57ceabb126c6. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-248220.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Kodexplorer | <4.52.01 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-6852?
CVE-2023-6852 is classified as a critical vulnerability.
How do I fix CVE-2023-6852?
To fix CVE-2023-6852, upgrade KodExplorer to version 4.52.01 or later.
What type of attack is associated with CVE-2023-6852?
CVE-2023-6852 is associated with a server-side request forgery (SSRF) attack.
Can CVE-2023-6852 be exploited remotely?
Yes, CVE-2023-6852 can be exploited remotely.
Which versions of KodExplorer are affected by CVE-2023-6852?
KodExplorer versions up to 4.51.03 are affected by CVE-2023-6852.
- agent/first-publish-date
- agent/type
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/remedy
- agent/title
- agent/description
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/kodcloud
- canonical/kodexplorer