CVE-2022-4944

MEDIUM

kodcloud kodexplorer < 4.49 - Cross-Site Request Forgery

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2022-4944. PoCs published by Mr Empy, brosck.

AI-analyzed exploit summary This exploit leverages a CSRF vulnerability in KodExplorer <= 4.49 to upload arbitrary files, enabling remote code execution via a webshell or reverse shell. It requires user interaction to trigger the file upload.

Description

A vulnerability, which was classified as problematic, has been found in kalcaddle KodExplorer up to 4.49. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.50 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227000.

Exploits (3)

exploitdb WORKING POC
by Mr Empy · pythonwebappsphp
https://www.exploit-db.com/exploits/51388

This exploit leverages a CSRF vulnerability in KodExplorer <= 4.49 to upload arbitrary files, enabling remote code execution via a webshell or reverse shell. It requires user interaction to trigger the file upload.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: KodExplorer <= 4.49
No auth needed
Prerequisites: Target must be running KodExplorer <= 4.49 · Attacker must trick a user into clicking a malicious link
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 2 stars
by brosck · poc
https://github.com/brosck/CVE-2022-4944

This PoC exploits CVE-2022-4944, a CSRF vulnerability in KODExplorer <= v4.49, to achieve remote code execution by tricking a victim into downloading a malicious PHP shell. It supports both webshell and reverse shell modes.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: KODExplorer <= v4.49
No auth needed
Prerequisites: Victim interaction to trigger CSRF · Network access to target KODExplorer instance
devstral-2 · analyzed Feb 16, 2026 Full analysis →
inthewild WORKING POC
poc
https://github.com/mrempy/cve-2022-4944

This repository contains a functional exploit for CVE-2022-4944, which leverages a CSRF vulnerability in KodExplorer <= 4.49 to upload a malicious PHP shell. The exploit supports both webshell and reverse shell modes, demonstrating remote code execution (RCE).

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: KodExplorer <= 4.49
No auth needed
Prerequisites: Target must be running KodExplorer <= 4.49 · Attacker must have network access to the target · Victim must be tricked into clicking a crafted URL (CSRF)
devstral-2 · analyzed Feb 23, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory vdb-entry technical-description
https://vuldb.com/?id.227000
Third Party Advisory signature permissions-required
https://vuldb.com/?ctiid.227000
Issue Tracking, Third Party Advisory issue-tracking
https://github.com/kalcaddle/KodExplorer/issues/512

Scores

CVSS v3 4.3
EPSS 0.0262
EPSS Percentile 86.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Details

CWE
CWE-352
Status published
Products (1)
kodcloud/kodexplorer < 4.49
Published Apr 22, 2023
Tracked Since Feb 18, 2026