This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Codiad
First view: 2015-01-08
Product: Codiad
Last view: 2020-03-16
Version: 2.4.3
Type: Application
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *

CPE Product: cpe:2.3:a:codiad:codiad

Activity : Overall

Related : CVE

Score Date Alert Description
9.8 2020-03-16 CVE-2019-19208

Codiad Web IDE through 2.8.4 allows PHP Code injection.

9.8 2018-07-12 CVE-2018-14009

Codiad through 2.8.4 allows Remote Code Execution, a different vulnerability than CVE-2017-11366 and CVE-2017-15689.

9.8 2017-08-20 CVE-2017-11366

components/filemanager/class.filemanager.php in Codiad before 2.8.4 is vulnerable to remote command execution because shell commands can be embedded in parameter values, as demonstrated by search_file_type.

4.3 2015-01-08 CVE-2014-9582

Cross-site scripting (XSS) vulnerability in components/filemanager/dialog.php in Codiad 2.4.3 allows remote attackers to inject arbitrary web script or HTML via the short_name parameter in a rename action. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information.

5 2015-01-08 CVE-2014-9581

Directory traversal vulnerability in components/filemanager/download.php in Codiad 2.4.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information.

CWE : Common Weakness Enumeration

% id Name
20% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')
20% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
20% (1) CWE-78 Improper Sanitization of Special Elements used in an OS Command ('O...
20% (1) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
20% (1) CWE-20 Improper Input Validation