Codiad 2.8.4 Security Vulnerabilities
Codiad v2.8.4 allows reflected XSS via the components/market/dialog.php type parameter.
CVSS Score: 5.4 | EPSS Score: 0.001 | Published: 2024-03-22
** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Codiad 2.8.4 /components/user/class.user.php:Authenticate() is vulnerable to a magic hash authentication bypass. If the encrypted or hashed value of a password takes the form of a magic hash, e.g., 0e123, another hash value such as 0e234 can successfully authenticate.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2021-01-27
** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross-Site Scripting (XSS) vulnerability was found in Codiad v1.7.8 and later. The vulnerability occurs because of improper sanitization of the folder's name $path variable in components/filemanager/class.filemanager.php. NOTE: the vendor states "Codiad is no longer under active maintenance by core contributors."
CVSS Score: 6.1 | EPSS Score: 0.005 | Published: 2020-08-25
** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross-Site Request Forgery (CSRF) vulnerability was found in Codiad v1.7.8 and later. The request to download a plugin from the marketplace is only available to admin users, and it isn't CSRF protected in components/market/controller.php. This might cause admins to make a vulnerable request without knowing it and result in remote code execution. NOTE: the vendor states "Codiad is no longer under active maintenance by core contributors."
CVSS Score: 8.8 | EPSS Score: 0.01 | Published: 2020-08-24
** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Server-Side Request Forgery (SSRF) vulnerability was found in Codiad v1.7.8 and later. A user with admin privileges could use the plugin install feature to make the server request any URL via components/market/class.market.php. This could potentially result in remote code execution. NOTE: the vendor states "Codiad is no longer under active maintenance by core contributors."
CVSS Score: 7.2 | EPSS Score: 0.037 | Published: 2020-08-24
Codiad Web IDE through 2.8.4 allows PHP Code injection.
CVSS Score: 9.8 | EPSS Score: 0.391 | Published: 2020-03-16
Codiad 2.8.4 allows remote authenticated administrators to execute arbitrary code by uploading an executable file.
CVSS Score: 7.2 | EPSS Score: 0.269 | Published: 2018-11-21
Codiad through 2.8.4 allows Remote Code Execution, a different vulnerability than CVE-2017-11366 and CVE-2017-15689.
CVSS Score: 9.8 | EPSS Score: 0.553 | Published: 2018-07-12