CVE-2026-4591
MEDIUM
5,1
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: high
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A
MEDIUM
4,7
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: high
User Interaction: none
Scope: unchanged
Confidentiality: low
Integrity: low
Availability: low
MEDIUM
5,8
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: multiple
Confidentiality: partial
Integrity: partial
Availability: partial
Description
AI Translation Available
A weakness has been identified in kalcaddle kodbox 1.64. This affects the function checkBin of the file /workspace/source-code/plugins/fileThumb/app.php of the component fileThumb Endpoint. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
DraftCommon Consequences
Security Scopes Affected:
Integrity
Confidentiality
Availability
Potential Impacts:
Execute Unauthorized Code Or Commands
Applicable Platforms
Technologies:
AI/ML
78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
StableCommon Consequences
Security Scopes Affected:
Confidentiality
Integrity
Availability
Non-Repudiation
Potential Impacts:
Execute Unauthorized Code Or Commands
Dos: Crash, Exit, Or Restart
Read Files Or Directories
Modify Files Or Directories
Read Application Data
Modify Application Data
Hide Activities
Applicable Platforms
Technologies:
AI/ML, Not Technology-Specific, Web Server
https://vuldb.com/?ctiid.352427
https://vuldb.com/?id.352427
https://vuldb.com/?submit.775470
https://vulnplus-note.wetolink.com/share/3ml5XA0firIa