144 matches found
CVE-2018-19423
CVE-2018-19423 affects Codiad 2.8.4. Remote authenticated administrators can upload an executable file to execute arbitrary code. The vulnerability is documented across multiple sources (NVD, CNVD, OSV, CVE list) with consistent impact. The provided documents do not include remediation details. P...
CVE-2018-14009
Codiad through 2.8.4 allows Remote Code Execution, a different vulnerability than CVE-2017-11366 and CVE-2017-15689...
Remote code execution
Codiad through 2.8.4 allows Remote Code Execution, a different vulnerability than CVE-2017-11366 and CVE-2017-15689...
CVE-2018-14009
Codiad up to version 2.8.4 is affected by a remote code execution vulnerability. Multiple sources describe an RCE in Codiad (including/related to CVE-2018-14009) that can be triggered via crafted input, with exploitation activity evidenced in public exploit frameworks and exploits (e.g., Exploit-...
Codiad File Upload Vulnerability
Codiad is a web-based IDE framework that contains a project/file manager and a code editor, mainly used for writing and editing code online. A file upload vulnerability exists in Codiad. An attacker can exploit this vulnerability to upload a webshell during installation...
Remote Code Execution (RCE)
Codiad is vulnerable to remote code execution (RCE) attacks. The admin console's path is not sanitized properly, allowing a malicious user to access arbitrary shell code on the application...
CVE-2017-1000125
Codiad full version is vulnerable to writing anything to the configuration file during installation, resulting in the upload of a webshell...
Design/Logic Flaw
Codiad full version is vulnerable to writing anything to the configuration file during installation, resulting in the upload of a webshell...
CVE-2017-1000125
CVE-2017-1000125 affects Codiad. The vulnerability arises because full-version Codiad allows writing arbitrary data to its installation configuration file, enabling an attacker to upload a webshell. The issue is described consistently across sources as a file upload/configuration write flaw leadi...
Information Disclosure
Codiad is vulnerable to information disclosure. The library does not parse JSON properly, disclosing sensitive information in the JSON file...
Remote Code Execution (RCE)
codiad/codiad is vulnerable to remote code execution (RCE) attacks. The library does not properly escape the filepath, allowing a malicious user to inject and execute arbitrary system commands. This CVE is different from CVE-2017-11366 and CVE-2017-15689...
Remote Command Execution (RCE)
Codiad is vulnerable to remote code execution (RCE) attacks. A malicious user can embed shell commands in parameter values sent to components/filemanager/class.filemanager.php and execute them...
CVE-2017-11366
components/filemanager/class.filemanager.php in Codiad before 2.8.4 is vulnerable to remote command execution because shell commands can be embedded in parameter values, as demonstrated by search_file_type...
Command injection
components/filemanager/class.filemanager.php in Codiad before 2.8.4 is vulnerable to remote command execution because shell commands can be embedded in parameter values, as demonstrated by search_file_type...
CVE-2017-11366
CVE-2017-11366 affects Codiad’s components/filemanager/class.filemanager.php, with remote command execution possible when shell commands are embedded in parameter values (notably via search_file_type). The vulnerability exists in Codiad prior to version 2.8.4, which is the fixed release mentioned...