Vulnerabilities > Codiad

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2023-02-21 | CVE-2017-20178 | Unspecified vulnerability in Codiad 2.8.0 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Codiad 2.8.0. | network, low complexity, codiad | 7.5 |
| 2021-01-27 | CVE-2020-23355 | Improper Authentication vulnerability in Codiad 2.8.4 | ** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Codiad 2.8.4 /components/user/class.user.php:Authenticate() is vulnerable to a magic hash authentication bypass. | network, codiad, CWE-287 | 4.3 |
| 2020-08-25 | CVE-2020-14042 | Cross-site Scripting vulnerability in Codiad | ** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross-Site Scripting (XSS) vulnerability was found in Codiad v1.7.8 and later. | network, low complexity, codiad, CWE-79 | 6.1 |
| 2020-08-24 | CVE-2020-14044 | Server-Side Request Forgery (SSRF) vulnerability in Codiad | ** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Server-Side Request Forgery (SSRF) vulnerability was found in Codiad v1.7.8 and later. | network, low complexity, codiad, CWE-918 | 7.2 |
| 2020-08-24 | CVE-2020-14043 | Cross-Site Request Forgery (CSRF) vulnerability in Codiad | ** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross-Site Request Forgery (CSRF) vulnerability was found in Codiad v1.7.8 and later. | network, low complexity, codiad, CWE-352 | 8.8 |
| 2020-03-16 | CVE-2019-19208 | Code Injection vulnerability in Codiad | Codiad Web IDE through 2.8.4 allows PHP code injection. | network, low complexity, codiad, CWE-94 | 7.5 |
| 2018-11-21 | CVE-2018-19423 | Unrestricted Upload of File with Dangerous Type vulnerability in Codiad 2.8.4 | Codiad 2.8.4 allows remote authenticated administrators to execute arbitrary code by uploading an executable file. | network, low complexity, codiad, CWE-434 | 6.5 |
| 2018-07-12 | CVE-2018-14009 | Improper Input Validation vulnerability in Codiad | Codiad through 2.8.4 allows Remote Code Execution, a different vulnerability than CVE-2017-11366 and CVE-2017-15689. | network, low complexity, codiad, CWE-20, critical | 10.0 |
| 2017-11-17 | CVE-2017-1000125 | Incorrect Permission Assignment for Critical Resource vulnerability in Codiad | Codiad (full version) allows anything to be written to the configuration file during installation, resulting in the upload of a webshell. | network, low complexity, codiad, CWE-732 | 5.0 |
| 2017-08-21 | CVE-2017-11366 | OS Command Injection vulnerability in Codiad | components/filemanager/class.filemanager.php in Codiad before 2.8.4 is vulnerable to remote command execution because shell commands can be embedded in parameter values, as demonstrated by search_file_type. | network, low complexity, codiad, CWE-78 | 7.5 |