
CVE-2020-14043: Codiad/README.md at master · Codiad/Codiad

** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross-Site Request Forgery (CSRF) vulnerability was found in Codiad v1.7.8 and later. The request to download a plugin from the marketplace is only available to admin users and it isn’t CSRF protected in components/market/controller.php. This might cause admins to make a vulnerable request without them knowing and result in remote code execution. NOTE: the vendor states “Codiad is no longer under active maintenance by core contributors.”


Codiad Web IDE

Codiad is a web-based IDE framework with a small footprint and minimal requirements.

Codiad was built with simplicity in mind, allowing for fast, interactive development without the massive overhead of some of the larger desktop editors. That being said, even users of IDEs such as Eclipse, NetBeans and Aptana are finding Codiad’s simplicity to be a huge benefit. While simplicity was key, we didn’t skimp on features and have a team of dedicated developers actively adding more.

For more information on the project, please check out the Wiki or the Codiad Website.

Unmaintained Status

Given its age and number of viable alternatives now available, Codiad is no longer under active maintenance by core contributors. You may use the issues for seeking community help on any ongoing issues, however, the code maintained in this repository is unlikely to be updated.

Distributed under the MIT-Style License. See LICENSE.txt file for more information.
