3 matches found
CVE-2020-14043
PRODUCT NOT SUPPORTED WHEN ASSIGNED A Cross Side Request Forgery CSRF vulnerability was found in Codiad v1.7.8 and later. The request to download a plugin from the marketplace is only available to admin users and it isn't CSRF protected in components/market/controller.php. This might cause admins...
CVE-2020-14043
PRODUCT NOT SUPPORTED WHEN ASSIGNED A Cross Side Request Forgery CSRF vulnerability was found in Codiad v1.7.8 and later. The request to download a plugin from the marketplace is only available to admin users and it isn't CSRF protected in components/market/controller.php. This might cause admins...
CVE-2020-14043
The CVE-2020-14043 issue affects Codiad v1.7.8 and later. The root cause is lack of CSRF protection in the marketplace plugin download flow (components/market/controller.php), which could allow an admin-initiated action to be exploited, potentially leading to remote code execution. Documented ref...