Codiad

codiad

14 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (14)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-26557 1Codiad 1Codiad May 28, 2025 Mar 22, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Codiad v2.8.4 allows reflected XSS via the components/market/dialog.php type parameter.
CVE-2017-20178 1Codiad 1Codiad Nov 21, 2024 Feb 21, 2023 N/A· v4 7.5 HIGH· v3 2.1 LOW· v2 UNSUPPORTED WHEN ASSIGNED A vulnerability was found in Codiad 2.8.0. It has been rated as problematic. Affected by this issue is the function saveJSON of the file components/install/process.php. The manipulation of...Show more UNSUPPORTED WHEN ASSIGNED A vulnerability was found in Codiad 2.8.0. It has been rated as problematic. Affected by this issue is the function saveJSON of the file components/install/process.php. The manipulation of the argument data leads to information disclosure. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 2.8.1 is able to address this issue. The patch is identified as 517119de673e62547ee472a730be0604f44342b5. It is recommended to upgrade the affected component. VDB-221498 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.Show less
CVE-2020-23355 1Codiad 1Codiad Nov 21, 2024 Jan 27, 2021 N/A· v4 7.5 HIGH· v3 4.3 MEDIUM· v2 PRODUCT NOT SUPPORTED WHEN ASSIGNED Codiad 2.8.4 /componetns/user/class.user.php:Authenticate() is vulnerable in magic hash authentication bypass. If encrypted or hash value for the passwords form certain formats o...Show more PRODUCT NOT SUPPORTED WHEN ASSIGNED Codiad 2.8.4 /componetns/user/class.user.php:Authenticate() is vulnerable in magic hash authentication bypass. If encrypted or hash value for the passwords form certain formats of magic hash, e.g, 0e123, another hash value 0e234 something can successfully authenticate.Show less
CVE-2020-14042 1Codiad 1Codiad Nov 21, 2024 Aug 25, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 PRODUCT NOT SUPPORTED WHEN ASSIGNED A Cross Site Scripting (XSS) vulnerability was found in Codiad v1.7.8 and later. The vulnerability occurs because of improper sanitization of the folder's name $path variable in...Show more PRODUCT NOT SUPPORTED WHEN ASSIGNED A Cross Site Scripting (XSS) vulnerability was found in Codiad v1.7.8 and later. The vulnerability occurs because of improper sanitization of the folder's name $path variable in components/filemanager/class.filemanager.php. NOTE: the vendor states "Codiad is no longer under active maintenance by core contributors."Show less
CVE-2020-14044 1Codiad 1Codiad Nov 21, 2024 Aug 24, 2020 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 PRODUCT NOT SUPPORTED WHEN ASSIGNED A Server-Side Request Forgery (SSRF) vulnerability was found in Codiad v1.7.8 and later. A user with admin privileges could use the plugin install feature to make the server requ...Show more PRODUCT NOT SUPPORTED WHEN ASSIGNED A Server-Side Request Forgery (SSRF) vulnerability was found in Codiad v1.7.8 and later. A user with admin privileges could use the plugin install feature to make the server request any URL via components/market/class.market.php. This could potentially result in remote code execution. NOTE: the vendor states "Codiad is no longer under active maintenance by core contributors."Show less
CVE-2020-14043 1Codiad 1Codiad Nov 21, 2024 Aug 24, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 PRODUCT NOT SUPPORTED WHEN ASSIGNED A Cross Side Request Forgery (CSRF) vulnerability was found in Codiad v1.7.8 and later. The request to download a plugin from the marketplace is only available to admin users and...Show more PRODUCT NOT SUPPORTED WHEN ASSIGNED A Cross Side Request Forgery (CSRF) vulnerability was found in Codiad v1.7.8 and later. The request to download a plugin from the marketplace is only available to admin users and it isn't CSRF protected in components/market/controller.php. This might cause admins to make a vulnerable request without them knowing and result in remote code execution. NOTE: the vendor states "Codiad is no longer under active maintenance by core contributors."Show less
CVE-2019-19208 1Codiad 1Codiad Nov 21, 2024 Mar 16, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Codiad Web IDE through 2.8.4 allows PHP Code injection.
CVE-2018-19423 1Codiad 1Codiad Nov 21, 2024 Nov 21, 2018 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 Codiad 2.8.4 allows remote authenticated administrators to execute arbitrary code by uploading an executable file.
CVE-2018-14009 1Codiad 1Codiad Nov 21, 2024 Jul 12, 2018 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Codiad through 2.8.4 allows Remote Code Execution, a different vulnerability than CVE-2017-11366 and CVE-2017-15689.
CVE-2017-1000125 1Codiad 1Codiad May 13, 2026 Nov 17, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Codiad(full version) is vulnerable to write anything to configure file in the installation resulting upload a webshell.
CVE-2017-11366 1Codiad 1Codiad May 13, 2026 Aug 21, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 components/filemanager/class.filemanager.php in Codiad before 2.8.4 is vulnerable to remote command execution because shell commands can be embedded in parameter values, as demonstrated by search_file_type.
CVE-2014-9582 1Codiad 1Codiad May 6, 2026 Jan 8, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in components/filemanager/dialog.php in Codiad 2.4.3 allows remote attackers to inject arbitrary web script or HTML via the short_name parameter in a rename action. NOTE: this is...Show more Cross-site scripting (XSS) vulnerability in components/filemanager/dialog.php in Codiad 2.4.3 allows remote attackers to inject arbitrary web script or HTML via the short_name parameter in a rename action. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information.Show less
CVE-2014-9581 1Codiad 1Codiad May 6, 2026 Jan 8, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Directory traversal vulnerability in components/filemanager/download.php in Codiad 2.4.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter. NOTE: this issue was originally incorrec...Show more Directory traversal vulnerability in components/filemanager/download.php in Codiad 2.4.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information.Show less
CVE-2013-7257 1Codiad 1Codiad Apr 29, 2026 Jan 3, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in Codiad 2.0.7 allows remote attackers to inject arbitrary web script or HTML via the Project Name field.