Codiad Security Vulnerabilities

CVE-2017-20178

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Codiad 2.8.0. It has been rated as problematic. Affected by this issue is the function saveJSON of the file components/install/process.php. The manipulation of the argument data leads to information disclosure. The attack may be launched....

7.5 CVSS

7.3 AI Score

0.001 EPSS

2023-02-21 06:15 PM

CVE-2020-23355

** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Codiad 2.8.4 /components/user/class.user.php:Authenticate() is vulnerable to a magic hash authentication bypass. If the encrypted or hashed value of a password takes certain magic hash formats, e.g., 0e123, another hash value such as 0e234 can successfully.....

7.5 CVSS

7.6 AI Score

0.001 EPSS

2021-01-27 04:15 PM

CVE-2020-14042

** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Site Scripting (XSS) vulnerability was found in Codiad v1.7.8 and later. The vulnerability occurs because of improper sanitization of the folder's name $path variable in components/filemanager/class.filemanager.php. NOTE: the vendor states "Codiad.....

6.1 CVSS

6.4 AI Score

0.001 EPSS

2020-08-25 03:15 PM

CVE-2020-14043

** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross-Site Request Forgery (CSRF) vulnerability was found in Codiad v1.7.8 and later. The request to download a plugin from the marketplace is only available to admin users and it isn't CSRF protected in components/market/controller.php. This might cause....

8.8 CVSS

8.4 AI Score

0.032 EPSS

2020-08-24 04:15 PM

CVE-2020-14044

** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Server-Side Request Forgery (SSRF) vulnerability was found in Codiad v1.7.8 and later. A user with admin privileges could use the plugin install feature to make the server request any URL via components/market/class.market.php. This could potentially...

7.2 CVSS

8.3 AI Score

0.052 EPSS

2020-08-24 04:15 PM

CVE-2019-19208

Codiad Web IDE through 2.8.4 allows PHP Code...

9.8 CVSS

9.7 AI Score

0.339 EPSS

2020-03-16 03:15 PM

CVE-2018-19423

Codiad 2.8.4 allows remote authenticated administrators to execute arbitrary code by uploading an executable...

7.2 CVSS

7.3 AI Score

0.086 EPSS

2018-11-21 09:29 PM

CVE-2018-14009

Codiad through 2.8.4 allows Remote Code Execution, a different vulnerability than CVE-2017-11366 and...

9.8 CVSS

9.5 AI Score

0.103 EPSS

2018-07-12 04:29 PM

CVE-2017-1000125

Codiad (full version) is vulnerable to writing arbitrary content to the configuration file during installation, resulting in the upload of a...

7.5 CVSS

7.5 AI Score

0.001 EPSS

2017-11-17 05:29 AM

CVE-2017-11366

components/filemanager/class.filemanager.php in Codiad before 2.8.4 is vulnerable to remote command execution because shell commands can be embedded in parameter values, as demonstrated by...

9.8 CVSS

9.6 AI Score

0.041 EPSS

2017-08-21 01:29 AM

CVE-2014-9581

Directory traversal vulnerability in components/filemanager/download.php in Codiad 2.4.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more...

6.4 AI Score

0.014 EPSS

2015-01-08 08:59 PM

CVE-2014-9582

Cross-site scripting (XSS) vulnerability in components/filemanager/dialog.php in Codiad 2.4.3 allows remote attackers to inject arbitrary web script or HTML via the short_name parameter in a rename action. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for...

5.5 AI Score

0.001 EPSS

2015-01-08 08:59 PM

CVE-2013-7257

Cross-site scripting (XSS) vulnerability in Codiad 2.0.7 allows remote attackers to inject arbitrary web script or HTML via the Project Name...

5.9 AI Score

0.003 EPSS

2014-01-03 06:54 PM