Skip to main content

Codiad

11 CVEs product

Monthly

CVE-2024-26557 MEDIUM POC This Month

Codiad v2.8.4 allows reflected XSS via the components/market/dialog.php type parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Codiad
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2020-14042 PHP MEDIUM POC This Month

** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Site Scripting (XSS) vulnerability was found in Codiad v1.7.8 and later. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Codiad
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-14044 PHP HIGH POC This Week

** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Server-Side Request Forgery (SSRF) vulnerability was found in Codiad v1.7.8 and later. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE SSRF PHP Codiad
NVD GitHub
CVSS 3.1
7.2
EPSS
3.2%
CVE-2020-14043 PHP HIGH POC This Week

** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Side Request Forgery (CSRF) vulnerability was found in Codiad v1.7.8 and later. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE CSRF PHP Codiad
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2018-19423 HIGH POC THREAT This Week

Codiad 2.8.4 allows remote authenticated administrators to execute arbitrary code by uploading an executable file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Codiad
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
18.0%
CVE-2018-14009 PHP CRITICAL POC THREAT Act Now

Codiad through 2.8.4 allows Remote Code Execution, a different vulnerability than CVE-2017-11366 and CVE-2017-15689. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Codiad
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
38.4%
CVE-2017-1000125 HIGH POC This Week

Codiad(full version) is vulnerable to write anything to configure file in the installation resulting upload a webshell. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Codiad
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-11366 PHP CRITICAL POC PATCH THREAT Act Now

components/filemanager/class.filemanager.php in Codiad before 2.8.4 is vulnerable to remote command execution because shell commands can be embedded in parameter values, as demonstrated by. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 34.3%.

PHP Command Injection Codiad
NVD GitHub
CVSS 3.0
9.8
EPSS
34.3%
Threat
4.5
CVE-2014-9582 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in components/filemanager/dialog.php in Codiad 2.4.3 allows remote attackers to inject arbitrary web script or HTML via the short_name parameter in a rename. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Codiad
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
0.9%
CVE-2014-9581 MEDIUM POC THREAT This Month

Directory traversal vulnerability in components/filemanager/download.php in Codiad 2.4.3 allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 11.6%.

Path Traversal PHP Codiad
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
11.6%
CVE-2013-7257 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Codiad 2.0.7 allows remote attackers to inject arbitrary web script or HTML via the Project Name field. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Codiad
NVD GitHub
CVSS 2.0
4.3
EPSS
0.4%
EPSS 0% CVSS 5.4
MEDIUM POC This Month

Codiad v2.8.4 allows reflected XSS via the components/market/dialog.php type parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Codiad
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Site Scripting (XSS) vulnerability was found in Codiad v1.7.8 and later. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Codiad
NVD GitHub
EPSS 3% CVSS 7.2
HIGH POC This Week

** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Server-Side Request Forgery (SSRF) vulnerability was found in Codiad v1.7.8 and later. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE SSRF PHP +1
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Side Request Forgery (CSRF) vulnerability was found in Codiad v1.7.8 and later. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE CSRF PHP +1
NVD GitHub
EPSS 18% CVSS 7.2
HIGH POC THREAT This Week

Codiad 2.8.4 allows remote authenticated administrators to execute arbitrary code by uploading an executable file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Codiad
NVD GitHub Exploit-DB
EPSS 38% CVSS 9.8
CRITICAL POC THREAT Act Now

Codiad through 2.8.4 allows Remote Code Execution, a different vulnerability than CVE-2017-11366 and CVE-2017-15689. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Codiad
NVD GitHub Exploit-DB
EPSS 0% CVSS 7.5
HIGH POC This Week

Codiad(full version) is vulnerable to write anything to configure file in the installation resulting upload a webshell. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Codiad
NVD
EPSS 34% 4.5 CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

components/filemanager/class.filemanager.php in Codiad before 2.8.4 is vulnerable to remote command execution because shell commands can be embedded in parameter values, as demonstrated by. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 34.3%.

PHP Command Injection Codiad
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in components/filemanager/dialog.php in Codiad 2.4.3 allows remote attackers to inject arbitrary web script or HTML via the short_name parameter in a rename. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Codiad
NVD Exploit-DB
EPSS 12% CVSS 5.0
MEDIUM POC THREAT This Month

Directory traversal vulnerability in components/filemanager/download.php in Codiad 2.4.3 allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 11.6%.

Path Traversal PHP Codiad
NVD Exploit-DB
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Codiad 2.0.7 allows remote attackers to inject arbitrary web script or HTML via the Project Name field. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Codiad
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy