CVE-2026-6569
Received - Intake
Improper Authentication in KodExplorer fileGet Endpoint Allows Remote Access
Publication date: 2026-04-19
Last updated on: 2026-04-19
Assigner: VulDB
Description
A vulnerability was identified in kodcloud KodExplorer up to 4.52. This impacts the function fileGet of the file /app/controller/share.class.php of the component fileGet Endpoint. Such manipulation of the argument fileUrl leads to improper authentication. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| kodcloud | kodexplorer | up to 4.52 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-287 | When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in kodcloud KodExplorer up to version 4.52, specifically in the fileGet function of the /app/controller/share.class.php file. It involves improper authentication caused by manipulation of the fileUrl argument. An attacker can exploit this remotely to bypass authentication controls.
How can this vulnerability impact me?
The vulnerability allows remote attackers to bypass authentication, potentially granting unauthorized access to files or data managed by KodExplorer. This can lead to exposure, modification, or deletion of sensitive information.