1+ {
2+ "dataType" : " CVE_RECORD"
3+ "dataVersion" : " 5.2"
4+ "cveMetadata" : {
5+ "cveId" : " CVE-2026-6570"
6+ "assignerOrgId" : " 1af790b2-7ee1-4545-860a-a788eba489b5"
7+ "state" : " PUBLISHED"
8+ "assignerShortName" : " VulDB"
9+ "dateReserved" : " 2026-04-18T19:06:59.838Z"
10+ "datePublished" : " 2026-04-19T11:00:17.545Z"
11+ "dateUpdated" : " 2026-04-19T11:00:17.545Z"
12+ },
13+ "containers" : {
14+ "cna" : {
15+ "providerMetadata" : {
16+ "orgId" : " 1af790b2-7ee1-4545-860a-a788eba489b5"
17+ "shortName" : " VulDB"
18+ "dateUpdated" : " 2026-04-19T11:00:17.545Z"
19+ },
20+ "title" : " kodcloud KodExplorer systemMember.class.php initInstall authorization"
21+ "problemTypes" : [
22+ {
23+ "descriptions" : [
24+ {
25+ "type" : " CWE"
26+ "cweId" : " CWE-639"
27+ "lang" : " en"
28+ "description" : " Authorization Bypass"
29+ }
30+ ]
31+ },
32+ {
33+ "descriptions" : [
34+ {
35+ "type" : " CWE"
36+ "cweId" : " CWE-285"
37+ "lang" : " en"
38+ "description" : " Improper Authorization"
39+ }
40+ ]
41+ }
42+ ],
43+ "affected" : [
44+ {
45+ "vendor" : " kodcloud"
46+ "product" : " KodExplorer"
47+ "versions" : [
48+ {
49+ "version" : " 4.0"
50+ "status" : " affected"
51+ },
52+ {
53+ "version" : " 4.1"
54+ "status" : " affected"
55+ },
56+ {
57+ "version" : " 4.2"
58+ "status" : " affected"
59+ },
60+ {
61+ "version" : " 4.3"
62+ "status" : " affected"
63+ },
64+ {
65+ "version" : " 4.4"
66+ "status" : " affected"
67+ },
68+ {
69+ "version" : " 4.5"
70+ "status" : " affected"
71+ },
72+ {
73+ "version" : " 4.6"
74+ "status" : " affected"
75+ },
76+ {
77+ "version" : " 4.7"
78+ "status" : " affected"
79+ },
80+ {
81+ "version" : " 4.8"
82+ "status" : " affected"
83+ },
84+ {
85+ "version" : " 4.9"
86+ "status" : " affected"
87+ },
88+ {
89+ "version" : " 4.10"
90+ "status" : " affected"
91+ },
92+ {
93+ "version" : " 4.11"
94+ "status" : " affected"
95+ },
96+ {
97+ "version" : " 4.12"
98+ "status" : " affected"
99+ },
100+ {
101+ "version" : " 4.13"
102+ "status" : " affected"
103+ },
104+ {
105+ "version" : " 4.14"
106+ "status" : " affected"
107+ },
108+ {
109+ "version" : " 4.15"
110+ "status" : " affected"
111+ },
112+ {
113+ "version" : " 4.16"
114+ "status" : " affected"
115+ },
116+ {
117+ "version" : " 4.17"
118+ "status" : " affected"
119+ },
120+ {
121+ "version" : " 4.18"
122+ "status" : " affected"
123+ },
124+ {
125+ "version" : " 4.19"
126+ "status" : " affected"
127+ },
128+ {
129+ "version" : " 4.20"
130+ "status" : " affected"
131+ },
132+ {
133+ "version" : " 4.21"
134+ "status" : " affected"
135+ },
136+ {
137+ "version" : " 4.22"
138+ "status" : " affected"
139+ },
140+ {
141+ "version" : " 4.23"
142+ "status" : " affected"
143+ },
144+ {
145+ "version" : " 4.24"
146+ "status" : " affected"
147+ },
148+ {
149+ "version" : " 4.25"
150+ "status" : " affected"
151+ },
152+ {
153+ "version" : " 4.26"
154+ "status" : " affected"
155+ },
156+ {
157+ "version" : " 4.27"
158+ "status" : " affected"
159+ },
160+ {
161+ "version" : " 4.28"
162+ "status" : " affected"
163+ },
164+ {
165+ "version" : " 4.29"
166+ "status" : " affected"
167+ },
168+ {
169+ "version" : " 4.30"
170+ "status" : " affected"
171+ },
172+ {
173+ "version" : " 4.31"
174+ "status" : " affected"
175+ },
176+ {
177+ "version" : " 4.32"
178+ "status" : " affected"
179+ },
180+ {
181+ "version" : " 4.33"
182+ "status" : " affected"
183+ },
184+ {
185+ "version" : " 4.34"
186+ "status" : " affected"
187+ },
188+ {
189+ "version" : " 4.35"
190+ "status" : " affected"
191+ },
192+ {
193+ "version" : " 4.36"
194+ "status" : " affected"
195+ },
196+ {
197+ "version" : " 4.37"
198+ "status" : " affected"
199+ },
200+ {
201+ "version" : " 4.38"
202+ "status" : " affected"
203+ },
204+ {
205+ "version" : " 4.39"
206+ "status" : " affected"
207+ },
208+ {
209+ "version" : " 4.40"
210+ "status" : " affected"
211+ },
212+ {
213+ "version" : " 4.41"
214+ "status" : " affected"
215+ },
216+ {
217+ "version" : " 4.42"
218+ "status" : " affected"
219+ },
220+ {
221+ "version" : " 4.43"
222+ "status" : " affected"
223+ },
224+ {
225+ "version" : " 4.44"
226+ "status" : " affected"
227+ },
228+ {
229+ "version" : " 4.45"
230+ "status" : " affected"
231+ },
232+ {
233+ "version" : " 4.46"
234+ "status" : " affected"
235+ },
236+ {
237+ "version" : " 4.47"
238+ "status" : " affected"
239+ },
240+ {
241+ "version" : " 4.48"
242+ "status" : " affected"
243+ },
244+ {
245+ "version" : " 4.49"
246+ "status" : " affected"
247+ },
248+ {
249+ "version" : " 4.50"
250+ "status" : " affected"
251+ },
252+ {
253+ "version" : " 4.51"
254+ "status" : " affected"
255+ },
256+ {
257+ "version" : " 4.52"
258+ "status" : " affected"
259+ }
260+ ],
261+ "cpes" : [
262+ " cpe:2.3:a:kodcloud:kodexplorer:*:*:*:*:*:*:*:*"
263+ ]
264+ }
265+ ],
266+ "descriptions" : [
267+ {
268+ "lang" : " en"
269+ "value" : " A security flaw has been discovered in kodcloud KodExplorer up to 4.52. Affected is the function initInstall of the file /app/controller/systemMember.class.php. Performing a manipulation of the argument path results in authorization bypass. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."
270+ }
271+ ],
272+ "metrics" : [
273+ {
274+ "cvssV4_0" : {
275+ "version" : " 4.0"
276+ "baseScore" : 5.1 ,
277+ "vectorString" : " CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"
278+ "baseSeverity" : " MEDIUM"
279+ }
280+ },
281+ {
282+ "cvssV3_1" : {
283+ "version" : " 3.1"
284+ "baseScore" : 2.7 ,
285+ "vectorString" : " CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"
286+ "baseSeverity" : " LOW"
287+ }
288+ },
289+ {
290+ "cvssV3_0" : {
291+ "version" : " 3.0"
292+ "baseScore" : 2.7 ,
293+ "vectorString" : " CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"
294+ "baseSeverity" : " LOW"
295+ }
296+ },
297+ {
298+ "cvssV2_0" : {
299+ "version" : " 2.0"
300+ "baseScore" : 3.3 ,
301+ "vectorString" : " AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"
302+ }
303+ }
304+ ],
305+ "timeline" : [
306+ {
307+ "time" : " 2026-04-18T00:00:00.000Z"
308+ "lang" : " en"
309+ "value" : " Advisory disclosed"
310+ },
311+ {
312+ "time" : " 2026-04-18T02:00:00.000Z"
313+ "lang" : " en"
314+ "value" : " VulDB entry created"
315+ },
316+ {
317+ "time" : " 2026-04-18T21:12:20.000Z"
318+ "lang" : " en"
319+ "value" : " VulDB entry last update"
320+ }
321+ ],
322+ "credits" : [
323+ {
324+ "lang" : " en"
325+ "value" : " vulnplusbot (VulDB User)"
326+ "type" : " reporter"
327+ },
328+ {
329+ "lang" : " en"
330+ "value" : " VulDB CNA Team"
331+ "type" : " coordinator"
332+ }
333+ ],
334+ "references" : [
335+ {
336+ "url" : " https://vuldb.com/vuln/358204"
337+ "name" : " VDB-358204 | kodcloud KodExplorer systemMember.class.php initInstall authorization"
338+ "tags" : [
339+ " vdb-entry"
340+ " technical-description"
341+ ]
342+ },
343+ {
344+ "url" : " https://vuldb.com/vuln/358204/cti"
345+ "name" : " VDB-358204 | CTI Indicators (IOB, IOC, IOA)"
346+ "tags" : [
347+ " signature"
348+ " permissions-required"
349+ ]
350+ },
351+ {
352+ "url" : " https://vuldb.com/submit/789983"
353+ "name" : " Submit #789983 | KodExplorer 4.52 Authorization Bypass"
354+ "tags" : [
355+ " third-party-advisory"
356+ ]
357+ },
358+ {
359+ "url" : " https://vulnplus-note.wetolink.com/share/byd7AQVs42VY"
360+ "tags" : [
361+ " broken-link"
362+ " exploit"
363+ ]
364+ }
365+ ]
366+ }
367+ }
368+ }
0 commit comments