Vulnerabilities > Codiad > Codiad > 2.8.4

DATE CVE VULNERABILITY TITLE RISK
2021-01-27 CVE-2020-23355 Improper Authentication vulnerability in Codiad 2.8.4
** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Codiad 2.8.4 /componetns/user/class.user.php:Authenticate() is vulnerable in magic hash authentication bypass.
network
codiad CWE-287
4.3
4.3
2020-08-25 CVE-2020-14042 Cross-site Scripting vulnerability in Codiad
** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Site Scripting (XSS) vulnerability was found in Codiad v1.7.8 and later.
network
low complexity
codiad CWE-79
6.1
6.1
2020-08-24 CVE-2020-14044 Server-Side Request Forgery (SSRF) vulnerability in Codiad
** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Server-Side Request Forgery (SSRF) vulnerability was found in Codiad v1.7.8 and later.
network
low complexity
codiad CWE-918
7.2
7.2
2020-08-24 CVE-2020-14043 Cross-Site Request Forgery (CSRF) vulnerability in Codiad
** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Side Request Forgery (CSRF) vulnerability was found in Codiad v1.7.8 and later.
network
low complexity
codiad CWE-352
8.8
8.8
2020-03-16 CVE-2019-19208 Code Injection vulnerability in Codiad
Codiad Web IDE through 2.8.4 allows PHP Code injection.
network
low complexity
codiad CWE-94
7.5
7.5
2018-11-21 CVE-2018-19423 Unrestricted Upload of File with Dangerous Type vulnerability in Codiad 2.8.4
Codiad 2.8.4 allows remote authenticated administrators to execute arbitrary code by uploading an executable file.
network
low complexity
codiad CWE-434
6.5
6.5
2018-07-12 CVE-2018-14009 Improper Input Validation vulnerability in Codiad
Codiad through 2.8.4 allows Remote Code Execution, a different vulnerability than CVE-2017-11366 and CVE-2017-15689.
network
low complexity
codiad CWE-20
critical
 10.0
10