CVE-2026-6568
HIGHkodcloud KodExplorer Public Share share.class.php initShareOld path traversal
Title source: cnaDescription
A vulnerability was determined in kodcloud KodExplorer up to 4.52. This affects the function share.class.php::initShareOld of the file /app/controller/share.class.php of the component Public Share Handler. This manipulation of the argument path causes path traversal. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
References (4)
Core 4
Core References
Third Party Advisory third-party-advisory
Submit #789981 | KodExplorer 4.52 Path Traversal
https://vuldb.com/submit/789981
Exploit broken-link
exploit
https://vulnplus-note.wetolink.com/share/JyHBnRUaoOY2
Vdb Entry, Technical Description vdb-entry
technical-description
VDB-358202 | kodcloud KodExplorer Public Share share.class.php initShareOld path traversal
https://vuldb.com/vuln/358202
Signature, Permissions Required signature
permissions-required
VDB-358202 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/358202/cti
Scores
CVSS v3
7.3
EPSS
0.0051
EPSS Percentile
39.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-22
Status
published
Products (50)
kodcloud/KodExplorer
4.0
kodcloud/KodExplorer
4.1
kodcloud/KodExplorer
4.10
kodcloud/KodExplorer
4.11
kodcloud/KodExplorer
4.12
kodcloud/KodExplorer
4.13
kodcloud/KodExplorer
4.14
kodcloud/KodExplorer
4.15
kodcloud/KodExplorer
4.16
kodcloud/KodExplorer
4.17
... and 40 more
Published
Apr 19, 2026
Tracked Since
Apr 19, 2026