Vulnerabilities > Codiad > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-27 | CVE-2020-23355 | Improper Authentication vulnerability in Codiad 2.8.4 ** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Codiad 2.8.4 /componetns/user/class.user.php:Authenticate() is vulnerable in magic hash authentication bypass. | 4.3 |
| 2020-08-25 | CVE-2020-14042 | Cross-site Scripting vulnerability in Codiad ** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Site Scripting (XSS) vulnerability was found in Codiad v1.7.8 and later. | 6.1 |
| 2018-11-21 | CVE-2018-19423 | Unrestricted Upload of File with Dangerous Type vulnerability in Codiad 2.8.4 Codiad 2.8.4 allows remote authenticated administrators to execute arbitrary code by uploading an executable file. | 6.5 |
| 2017-11-17 | CVE-2017-1000125 | Incorrect Permission Assignment for Critical Resource vulnerability in Codiad Codiad(full version) is vulnerable to write anything to configure file in the installation resulting upload a webshell. | 5.0 |
| 2015-01-08 | CVE-2014-9582 | Cross-site Scripting vulnerability in Codiad 2.4.3 Cross-site scripting (XSS) vulnerability in components/filemanager/dialog.php in Codiad 2.4.3 allows remote attackers to inject arbitrary web script or HTML via the short_name parameter in a rename action. | 4.3 |
| 2015-01-08 | CVE-2014-9581 | Path Traversal vulnerability in Codiad 2.4.3 Directory traversal vulnerability in components/filemanager/download.php in Codiad 2.4.3 allows remote attackers to read arbitrary files via a .. | 5.0 |
| 2014-01-03 | CVE-2013-7257 | Cross-Site Scripting vulnerability in Codiad 2.0.7 Cross-site scripting (XSS) vulnerability in Codiad 2.0.7 allows remote attackers to inject arbitrary web script or HTML via the Project Name field. | 4.3 |