Description
** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Server-Side Request Forgery (SSRF) vulnerability was found in Codiad v1.7.8 and later. A user with admin privileges could use the plugin install feature to make the server request any URL via components/market/class.market.php. This could potentially result in remote code execution. NOTE: the vendor states "Codiad is no longer under active maintenance by core contributors."
References
- Exploit, Third Party Advisory
- Third Party Advisory
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory
- Third Party Advisory
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1: versions from 1.7.8 (inclusive)
cpe:2.3:a:codiad:codiad:*:*:*:*:*:*:*:*
EPSS
Percentile: 85%
0.02395
Low
7.2 High
CVSS3
6.5 Medium
CVSS2
Weaknesses
CWE-918