Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
codiad codiad vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2018-14009
Codiad up to and including 2.8.4 allows Remote Code Execution, a different vulnerability than CVE-2017-11366 and CVE-2017-15689.
Codiad Codiad
2 Github repositories
8.8
CVSSv3
CVE-2020-14043
** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Side Request Forgery (CSRF) vulnerability was found in Codiad v1.7.8 and later. The request to download a plugin from the marketplace is only available to admin users and it isn't CSRF protected in components/market/controlle...
Codiad Codiad
9.8
CVSSv3
CVE-2019-19208
Codiad Web IDE up to and including 2.8.4 allows PHP Code injection.
Codiad Codiad
9.8
CVSSv3
CVE-2017-11366
components/filemanager/class.filemanager.php in Codiad prior to 2.8.4 is vulnerable to remote command execution because shell commands can be embedded in parameter values, as demonstrated by search_file_type.
Codiad Codiad
1 Github repository
7.5
CVSSv3
CVE-2017-1000125
Codiad(full version) is vulnerable to write anything to configure file in the installation resulting upload a webshell.
Codiad Codiad -
7.2
CVSSv3
CVE-2020-14044
** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Server-Side Request Forgery (SSRF) vulnerability was found in Codiad v1.7.8 and later. A user with admin privileges could use the plugin install feature to make the server request any URL via components/market/class.market.php. This cou...
Codiad Codiad
6.1
CVSSv3
CVE-2020-14042
** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Site Scripting (XSS) vulnerability was found in Codiad v1.7.8 and later. The vulnerability occurs because of improper sanitization of the folder's name $path variable in components/filemanager/class.filemanager.php. NOTE: the...
Codiad Codiad
7.5
CVSSv3
CVE-2020-23355
** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Codiad 2.8.4 /componetns/user/class.user.php:Authenticate() is vulnerable in magic hash authentication bypass. If encrypted or hash value for the passwords form certain formats of magic hash, e.g, 0e123, another hash value 0e234 something...
Codiad Codiad 2.8.4
NA
CVE-2013-7257
Cross-site scripting (XSS) vulnerability in Codiad 2.0.7 allows remote malicious users to inject arbitrary web script or HTML via the Project Name field.
Codiad Codiad 2.0.7
NA
CVE-2014-9581
Directory traversal vulnerability in components/filemanager/download.php in Codiad 2.4.3 allows remote malicious users to read arbitrary files via a .. (dot dot) in the path parameter. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more...
Codiad Codiad 2.4.3
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »