kodbox — Vulnerabilities & Security Advisories 16

All 16 CVE vulnerabilities found in kodbox, with AI-generated Chinese analysis, references, and POCs.

Vendor: n/a

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-5618 | kalcaddle kodbox shareMake/shareCheck server-side request forgery | CWE-918 | 5.6 | Medium | 2026-04-06 |
| CVE-2026-4831 | kalcaddle kodbox Password-protected Share auth.class.php can improper authentication | CWE-287 | 3.7 | Low | 2026-03-26 |
| CVE-2026-4830 | kalcaddle kodbox Public Share userShare.class.php add privilege escalation | CWE-434 | 5.6 | Medium | 2026-03-26 |
| CVE-2026-4592 | kalcaddle kodbox Password Login index.class.php tfaVerify improper authentication | CWE-287 | 5.6 | Medium | 2026-03-23 |
| CVE-2026-4591 | kalcaddle kodbox fileThumb Endpoint app.php checkBin os command injection | CWE-78 | 4.7 | Medium | 2026-03-23 |
| CVE-2026-4590 | kalcaddle kodbox loginSubmit API index.class.php cross-site request forgery | CWE-352 | 3.1 | Low | 2026-03-23 |
| CVE-2026-4589 | kalcaddle kodbox fileGet Endpoint editor.class.php PathDriverUrl server-side request forgery | CWE-918 | 6.3 | Medium | 2026-03-23 |
| CVE-2026-4588 | kalcaddle kodbox Site-level API key shareOut.class.php shareSafeGroup hard-coded key | CWE-321 | 3.7 | Low | 2026-03-23 |
| CVE-2026-2560 | kalcaddle kodbox Media File Preview Plugin VideoResize.class.php run os command injection | CWE-78 | 6.3 | Medium | 2026-02-16 |
| CVE-2026-1066 | kalcaddle kodbox Compression zip command injection | CWE-77 | 6.3 | Medium | 2026-01-17 |
| CVE-2025-11016 | kalcaddle kodbox index.class.php fileOut path traversal | CWE-22 | 4.3 | Medium | 2025-09-26 |
| CVE-2025-10233 | kalcaddle kodbox editor.class.php fileSave path traversal | CWE-22 | 6.3 | Medium | 2025-09-10 |
| CVE-2025-9414 | kalcaddle kodbox Download from Link serverDownload server-side request forgery | CWE-918 | 4.7 | Medium | 2025-08-25 |
| CVE-2023-6849 | kalcaddle kodbox app.php cover server-side request forgery | CWE-918 | 7.3 | High | 2023-12-16 |
| CVE-2023-6848 | kalcaddle kodbox index.class.php check command injection | CWE-77 | 7.3 | High | 2023-12-16 |
| CVE-2023-3607 | kodbox WebConsole Plug-In webconsole.php.txt Execute os command injection | CWE-78 | 5.5 | Medium | 2023-07-10 |
