VYPR

Codiad

by Codiad

CVEs (8)

  • CVE-2017-11366 | Cri | Aug 21, 2017
    risk 0.57 | cvss 9.8 | epss 0.08

    components/filemanager/class.filemanager.php in Codiad before 2.8.4 is vulnerable to remote command execution because shell commands can be embedded in parameter values, as demonstrated by search_file_type.

  • CVE-2017-1000125 | Hig | Nov 17, 2017
    risk 0.49 | cvss 7.5 | epss 0.01

    Codiad (full version) allows arbitrary content to be written to the configuration file during installation, resulting in the upload of a webshell.

  • CVE-2018-19423 | Nov 21, 2018
    risk 0.05 | cvss | epss 0.18

    Codiad 2.8.4 allows remote authenticated administrators to execute arbitrary code by uploading an executable file.

  • CVE-2014-9582 | Jan 8, 2015
    risk 0.03 | cvss | epss 0.01

    Cross-site scripting (XSS) vulnerability in components/filemanager/dialog.php in Codiad 2.4.3 allows remote attackers to inject arbitrary web script or HTML via the short_name parameter in a rename action. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see…

  • CVE-2014-9581 | Jan 8, 2015
    risk 0.03 | cvss | epss 0.04

    Directory traversal vulnerability in components/filemanager/download.php in Codiad 2.4.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more…

  • CVE-2024-26557 | Mar 22, 2024
    risk 0.00 | cvss | epss 0.00

    Codiad v2.8.4 allows reflected XSS via the components/market/dialog.php type parameter.

  • CVE-2017-20178 | Feb 21, 2023
    risk 0.00 | cvss | epss 0.01

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Codiad 2.8.0. It has been rated as problematic. Affected by this issue is the function saveJSON of the file components/install/process.php. The manipulation of the argument data leads to information disclosure. The…

  • CVE-2013-7257 | Jan 3, 2014
    risk 0.00 | cvss | epss 0.02

    Cross-site scripting (XSS) vulnerability in Codiad 2.0.7 allows remote attackers to inject arbitrary web script or HTML via the Project Name field.