kalcaddle kodbox Media File Preview Plugin VideoResize.class.php run os command...

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability has been found in kalcaddle kodbox up to 1.64.05. The impacted element is the function run of the file plugins/fileThumb/lib/VideoResize.class.php of the component Media File Preview Plugin. Such manipulation of the argument localFile leads to os command injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2026-2560

Source VulDB

Published Feb 16, 2026 at 14:02

Affected Product

Vendor kalcaddle

Product kodbox

Version 1.64.05

Affected Versions kalcaddle kodbox 1.64.05

CWE Classification

CWE-78 CWE-77

References

{
    "lastseen": "",
    "description": "A vulnerability has been found in kalcaddle kodbox up to 1.64.05. The impacted element is the function run of the file plugins/fileThumb/lib/VideoResize.class.php of the component Media File Preview Plugin. Such manipulation of the argument localFile leads to os command injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2026-02-16T14:02:06.156Z",
    "modified": "2026-02-16T14:02:06.156Z",
    "type": "cve",
    "title": "kalcaddle kodbox Media File Preview Plugin VideoResize.class.php run os command injection",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.346167\nhttps://vuldb.com/?ctiid.346167\nhttps://vuldb.com/?submit.750944\nhttps://gist.github.com/DReazer/d7380aca4ade9fd73b688633901367ed\nhttps://gist.github.com/DReazer/d7380aca4ade9fd73b688633901367ed#proof-of-concept-poc",
    "id": "CVE-2026-2560",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78",
        "CWE-77"
    ],
    "cvelist": null,
    "sourceData": "kalcaddle kodbox 1.64.05",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "kodbox",
    "version": "1.64.05",
    "vendor": "kalcaddle",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

kalcaddle kodbox Media File Preview Plugin VideoResize.class.php run os command injection_CVE-2026-2560