Advisories for Composer/Codiad/Codiad package

A vulnerability was found in Codiad 2.8.0. It has been rated as problematic. Affected by this issue is the function saveJSON of the file components/install/process.php. The manipulation of the argument data leads to information disclosure. The attack may be launched remotely. Upgrading to version 2.8.1 is able to address this issue. The name of the patch is 517119de673e62547ee472a730be0604f44342b5. It is recommended to upgrade the affected component. VDB-221498 is the identifier …

Codiad /componentss/user/class.user.php:Authenticate() is vulnerable in magic hash authentication bypass. If encrypted or hash value for the passwords form certain formats of magic hash, e.g, 0e123, another hash value 0e234 something can successfully authenticate.

A Cross Site Scripting vulnerability was found in Codiad. The vulnerability occurs because of improper sanitization of the folder name $path variable in components/filemanager/class.filemanager.php.

** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Server-Side Request Forgery (SSRF) vulnerability was found in Codiad v1.7.8. A user with admin privileges could use the plugin install feature to make the server request any URL via components/market/class.market.php. This could potentially result in remote code execution. NOTE: the vendor states "Codiad is no longer under active maintenance by core contributors."

** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Side Request Forgery (CSRF) vulnerability was found in Codiad. The request to download a plugin from the marketplace is only available to admin users and it isn't CSRF protected in components/market/controller.php. This might cause admins to make a vulnerable request without them knowing and result in remote code execution. NOTE: the vendor states "Codiad is no longer under active maintenance by …

Codiad Web IDE allows PHP Code injection.

Codiad allows remote authenticated administrators to execute arbitrary code by uploading an executable file.

Codiad allows Remote Code Execution.

Codiad is vulnerable to write anything to a configuration file during the installation.

components/filemanager/class is vulnerable to remote command execution because shell commands can be embedded in parameter values, as demonstrated by search_file_type.