kodcloud KodExplorer systemMember.class.php initInstall authorization_CVE-2026-6570

5.1 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

Description

A security flaw has been discovered in kodcloud KodExplorer up to 4.52. Affected is the function initInstall of the file /app/controller/systemMember.class.php. Performing a manipulation of the argument path results in authorization bypass. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2026-6570

Source VulDB

Published Apr 19, 2026 at 11:00

Affected Product

Vendor kodcloud

Product KodExplorer

Version 4.0

Affected Versions kodcloud KodExplorer 4.0
kodcloud KodExplorer 4.1
kodcloud KodExplorer 4.2
kodcloud KodExplorer 4.3
kodcloud KodExplorer 4.4
kodcloud KodExplorer 4.5
kodcloud KodExplorer 4.6
kodcloud KodExplorer 4.7
kodcloud KodExplorer 4.8
kodcloud KodExplorer 4.9
kodcloud KodExplorer 4.10
kodcloud KodExplorer 4.11
kodcloud KodExplorer 4.12
kodcloud KodExplorer 4.13
kodcloud KodExplorer 4.14
kodcloud KodExplorer 4.15
kodcloud KodExplorer 4.16
kodcloud KodExplorer 4.17
kodcloud KodExplorer 4.18
kodcloud KodExplorer 4.19
kodcloud KodExplorer 4.20
kodcloud KodExplorer 4.21
kodcloud KodExplorer 4.22
kodcloud KodExplorer 4.23
kodcloud KodExplorer 4.24
kodcloud KodExplorer 4.25
kodcloud KodExplorer 4.26
kodcloud KodExplorer 4.27
kodcloud KodExplorer 4.28
kodcloud KodExplorer 4.29
kodcloud KodExplorer 4.30
kodcloud KodExplorer 4.31
kodcloud KodExplorer 4.32
kodcloud KodExplorer 4.33
kodcloud KodExplorer 4.34
kodcloud KodExplorer 4.35
kodcloud KodExplorer 4.36
kodcloud KodExplorer 4.37
kodcloud KodExplorer 4.38
kodcloud KodExplorer 4.39
kodcloud KodExplorer 4.40
kodcloud KodExplorer 4.41
kodcloud KodExplorer 4.42
kodcloud KodExplorer 4.43
kodcloud KodExplorer 4.44
kodcloud KodExplorer 4.45
kodcloud KodExplorer 4.46
kodcloud KodExplorer 4.47
kodcloud KodExplorer 4.48
kodcloud KodExplorer 4.49
kodcloud KodExplorer 4.50
kodcloud KodExplorer 4.51
kodcloud KodExplorer 4.52

CWE Classification

CWE-639 CWE-285

References

{
    "lastseen": "",
    "description": "A security flaw has been discovered in kodcloud KodExplorer up to 4.52. Affected is the function initInstall of the file /app/controller/systemMember.class.php. Performing a manipulation of the argument path results in authorization bypass. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2026-04-19T11:00:17.545Z",
    "modified": "2026-04-19T11:00:17.545Z",
    "type": "cve",
    "title": "kodcloud KodExplorer systemMember.class.php initInstall authorization",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/358204\nhttps://vuldb.com/vuln/358204/cti\nhttps://vuldb.com/submit/789983\nhttps://vulnplus-note.wetolink.com/share/byd7AQVs42VY",
    "id": "CVE-2026-6570",
    "bulletinFamily": "",
    "cwe": [
        "CWE-639",
        "CWE-285"
    ],
    "cvelist": null,
    "sourceData": "kodcloud KodExplorer 4.0\nkodcloud KodExplorer 4.1\nkodcloud KodExplorer 4.2\nkodcloud KodExplorer 4.3\nkodcloud KodExplorer 4.4\nkodcloud KodExplorer 4.5\nkodcloud KodExplorer 4.6\nkodcloud KodExplorer 4.7\nkodcloud KodExplorer 4.8\nkodcloud KodExplorer 4.9\nkodcloud KodExplorer 4.10\nkodcloud KodExplorer 4.11\nkodcloud KodExplorer 4.12\nkodcloud KodExplorer 4.13\nkodcloud KodExplorer 4.14\nkodcloud KodExplorer 4.15\nkodcloud KodExplorer 4.16\nkodcloud KodExplorer 4.17\nkodcloud KodExplorer 4.18\nkodcloud KodExplorer 4.19\nkodcloud KodExplorer 4.20\nkodcloud KodExplorer 4.21\nkodcloud KodExplorer 4.22\nkodcloud KodExplorer 4.23\nkodcloud KodExplorer 4.24\nkodcloud KodExplorer 4.25\nkodcloud KodExplorer 4.26\nkodcloud KodExplorer 4.27\nkodcloud KodExplorer 4.28\nkodcloud KodExplorer 4.29\nkodcloud KodExplorer 4.30\nkodcloud KodExplorer 4.31\nkodcloud KodExplorer 4.32\nkodcloud KodExplorer 4.33\nkodcloud KodExplorer 4.34\nkodcloud KodExplorer 4.35\nkodcloud KodExplorer 4.36\nkodcloud KodExplorer 4.37\nkodcloud KodExplorer 4.38\nkodcloud KodExplorer 4.39\nkodcloud KodExplorer 4.40\nkodcloud KodExplorer 4.41\nkodcloud KodExplorer 4.42\nkodcloud KodExplorer 4.43\nkodcloud KodExplorer 4.44\nkodcloud KodExplorer 4.45\nkodcloud KodExplorer 4.46\nkodcloud KodExplorer 4.47\nkodcloud KodExplorer 4.48\nkodcloud KodExplorer 4.49\nkodcloud KodExplorer 4.50\nkodcloud KodExplorer 4.51\nkodcloud KodExplorer 4.52",
    "sourceHref": "",
    "cvss": {
        "score": 5.1,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "KodExplorer",
    "version": "4.0",
    "vendor": "kodcloud",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}