Identifier

CVE-2020-14043

Package Slug

packagist/codiad/codiad

Vulnerability

Cross-Site Request Forgery (CSRF)

Description

** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross-Site Request Forgery (CSRF) vulnerability was found in Codiad v1.7.8 and later. The request to download a plugin from the marketplace is available only to admin users, and it is not CSRF-protected in components/market/controller.php. An admin might therefore be made to issue this request without knowing it, which could result in remote code execution. NOTE: the vendor states "Codiad is no longer under active maintenance by core contributors."

Affected Versions

All versions starting from 1.7.8

Solution

Unfortunately, there is no solution available yet.

Last Modified

2020-09-04
