Identifier

CVE-2020-14044

Package Slug

packagist/codiad/codiad

Vulnerability

Server-Side Request Forgery (SSRF)

Description

** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Server-Side Request Forgery (SSRF) vulnerability was found in Codiad v1.7.8 and later. A user with admin privileges could use the plugin install feature to make the server request any URL via components/market/class.market.php. This could potentially result in remote code execution. NOTE: the vendor states "Codiad is no longer under active maintenance by core contributors."

Affected Versions

All versions starting from 1.7.8

Solution

Unfortunately, there is no solution available yet.

Last Modified

2020-09-06
