Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
codiad vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2017-1000125
Codiad(full version) is vulnerable to write anything to configure file in the installation resulting upload a webshell.
Codiad Codiad -
7.5
CVSSv2
CVE-2019-19208
Codiad Web IDE up to and including 2.8.4 allows PHP Code injection.
Codiad Codiad
4.3
CVSSv2
CVE-2020-14042
** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Site Scripting (XSS) vulnerability was found in Codiad v1.7.8 and later. The vulnerability occurs because of improper sanitization of the folder's name $path variable in components/filemanager/class.filemanager.php. NOTE: the...
Codiad Codiad
6.8
CVSSv2
CVE-2020-14043
** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Side Request Forgery (CSRF) vulnerability was found in Codiad v1.7.8 and later. The request to download a plugin from the marketplace is only available to admin users and it isn't CSRF protected in components/market/controlle...
Codiad Codiad
6.5
CVSSv2
CVE-2020-14044
** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Server-Side Request Forgery (SSRF) vulnerability was found in Codiad v1.7.8 and later. A user with admin privileges could use the plugin install feature to make the server request any URL via components/market/class.market.php. This cou...
Codiad Codiad
10
CVSSv2
CVE-2018-14009
Codiad up to and including 2.8.4 allows Remote Code Execution, a different vulnerability than CVE-2017-11366 and CVE-2017-15689.
Codiad Codiad
2 Github repositories
7.5
CVSSv2
CVE-2017-11366
components/filemanager/class.filemanager.php in Codiad prior to 2.8.4 is vulnerable to remote command execution because shell commands can be embedded in parameter values, as demonstrated by search_file_type.
Codiad Codiad
1 Github repository
5
CVSSv2
CVE-2014-9581
Directory traversal vulnerability in components/filemanager/download.php in Codiad 2.4.3 allows remote malicious users to read arbitrary files via a .. (dot dot) in the path parameter. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more...
Codiad Codiad 2.4.3
1 EDB exploit
4.3
CVSSv2
CVE-2013-7257
Cross-site scripting (XSS) vulnerability in Codiad 2.0.7 allows remote malicious users to inject arbitrary web script or HTML via the Project Name field.
Codiad Codiad 2.0.7
4.3
CVSSv2
CVE-2014-9582
Cross-site scripting (XSS) vulnerability in components/filemanager/dialog.php in Codiad 2.4.3 allows remote malicious users to inject arbitrary web script or HTML via the short_name parameter in a rename action. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137;...
Codiad Codiad 2.4.3
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907
hardcoded
inject
CVE-2024-20359
CVE-2024-2467
CVE-2024-4077
CVE-2024-22391
camera
CVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »