codiad 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには パス処理の欠陥、vendor risk csrf、vendor risk ssrf, and vendor risk input validation があり、vendor surface production workloads and vendor surface software deployment の利用場面で vendor impact session compromise、ファイル上書き, and vendor impact unexpected behavior などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2024-26557 | Codiad v2.8.4 allows reflected XSS via the components/market/dialog.php type parameter. | [email protected] | 5.4 | 0.34% | 2024-03-22 | 2025-05-28 |
| CVE-2017-20178 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Codiad 2.8.0. It has been rated as problematic. Affected by this issue is the function saveJSON of the file components/install/process.php. The manipulation of the argument data leads to information disclosure. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 2.8.1 is able to address this issue. The patch is identified as 517119de673e62547ee | [email protected] | 3.1 | 0.68% | 2023-02-21 | 2024-11-21 |
| CVE-2020-23355 | ** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Codiad 2.8.4 /componetns/user/class.user.php:Authenticate() is vulnerable in magic hash authentication bypass. If encrypted or hash value for the passwords form certain formats of magic hash, e.g, 0e123, another hash value 0e234 something can successfully authenticate. | [email protected] | 7.5 | 0.98% | 2021-01-27 | 2024-11-21 |
| CVE-2020-14042 | ** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Site Scripting (XSS) vulnerability was found in Codiad v1.7.8 and later. The vulnerability occurs because of improper sanitization of the folder's name $path variable in components/filemanager/class.filemanager.php. NOTE: the vendor states "Codiad is no longer under active maintenance by core contributors." | [email protected] | 6.1 | 1.17% | 2020-08-25 | 2024-11-21 |
| CVE-2020-14044 | ** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Server-Side Request Forgery (SSRF) vulnerability was found in Codiad v1.7.8 and later. A user with admin privileges could use the plugin install feature to make the server request any URL via components/market/class.market.php. This could potentially result in remote code execution. NOTE: the vendor states "Codiad is no longer under active maintenance by core contributors." | [email protected] | 7.2 | 3.22% | 2020-08-24 | 2024-11-21 |
| CVE-2020-14043 | ** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Side Request Forgery (CSRF) vulnerability was found in Codiad v1.7.8 and later. The request to download a plugin from the marketplace is only available to admin users and it isn't CSRF protected in components/market/controller.php. This might cause admins to make a vulnerable request without them knowing and result in remote code execution. NOTE: the vendor states "Codiad is no longer under active maintenance by core contributors." | [email protected] | 8.8 | 1.55% | 2020-08-24 | 2024-11-21 |
| CVE-2019-19208 | Codiad Web IDE through 2.8.4 allows PHP Code injection. | [email protected] | 9.8 | 19.24% | 2020-03-16 | 2024-11-21 |
| CVE-2018-19423 | Codiad 2.8.4 allows remote authenticated administrators to execute arbitrary code by uploading an executable file. | [email protected] | 7.2 | 17.98% | 2018-11-21 | 2024-11-21 |
| CVE-2018-14009 | Codiad through 2.8.4 allows Remote Code Execution, a different vulnerability than CVE-2017-11366 and CVE-2017-15689. | [email protected] | 9.8 | 38.44% | 2018-07-12 | 2024-11-21 |
| CVE-2017-1000125 | Codiad(full version) is vulnerable to write anything to configure file in the installation resulting upload a webshell. | [email protected] | 7.5 | 0.92% | 2017-11-17 | 2026-05-13 |
| CVE-2017-11366 | components/filemanager/class.filemanager.php in Codiad before 2.8.4 is vulnerable to remote command execution because shell commands can be embedded in parameter values, as demonstrated by search_file_type. | [email protected] | 9.8 | 7.75% | 2017-08-21 | 2026-05-13 |
| CVE-2014-9582 | Cross-site scripting (XSS) vulnerability in components/filemanager/dialog.php in Codiad 2.4.3 allows remote attackers to inject arbitrary web script or HTML via the short_name parameter in a rename action. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information. | [email protected] | 4.3 | 1.47% | 2015-01-08 | 2026-05-06 |
| CVE-2014-9581 | Directory traversal vulnerability in components/filemanager/download.php in Codiad 2.4.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information. | [email protected] | 5.0 | 3.58% | 2015-01-08 | 2026-05-06 |
| CVE-2013-7257 | Cross-site scripting (XSS) vulnerability in Codiad 2.0.7 allows remote attackers to inject arbitrary web script or HTML via the Project Name field. | [email protected] | 4.3 | 1.93% | 2014-01-03 | 2026-04-29 |