Codiad
by Codiad
Source repositories
- https://github.com/Codiad/Codiad (archived)
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-11366 | | Cri | 0.57 | 9.8 | 0.08 | | Aug 21, 2017 | components/filemanager/class.filemanager.php in Codiad before 2.8.4 is vulnerable to remote command execution because shell commands can be embedded in parameter values, as demonstrated by search_file_type. |
| CVE-2017-1000125 | | Hig | 0.49 | 7.5 | 0.01 | | Nov 17, 2017 | Codiad(full version) is vulnerable to write anything to configure file in the installation resulting upload a webshell. |
| CVE-2018-19423 | | | 0.05 | — | 0.18 | | Nov 21, 2018 | Codiad 2.8.4 allows remote authenticated administrators to execute arbitrary code by uploading an executable file. |
| CVE-2014-9582 | | | 0.03 | — | 0.01 | | Jan 8, 2015 | Cross-site scripting (XSS) vulnerability in components/filemanager/dialog.php in Codiad 2.4.3 allows remote attackers to inject arbitrary web script or HTML via the short_name parameter in a rename action. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see… |
| CVE-2014-9581 | | | 0.03 | — | 0.04 | | Jan 8, 2015 | Directory traversal vulnerability in components/filemanager/download.php in Codiad 2.4.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more… |
| CVE-2024-26557 | | | 0.00 | — | 0.00 | | Mar 22, 2024 | Codiad v2.8.4 allows reflected XSS via the components/market/dialog.php type parameter. |
| CVE-2017-20178 | | | 0.00 | — | 0.01 | | Feb 21, 2023 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Codiad 2.8.0. It has been rated as problematic. Affected by this issue is the function saveJSON of the file components/install/process.php. The manipulation of the argument data leads to information disclosure. The… |
| CVE-2013-7257 | | | 0.00 | — | 0.02 | | Jan 3, 2014 | Cross-site scripting (XSS) vulnerability in Codiad 2.0.7 allows remote attackers to inject arbitrary web script or HTML via the Project Name field. |