Remote Code Execution (RCE)

2017-08-2508:56:17

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.192 Low

EPSS

Percentile

96.3%

JSON

codiad/codiad is vulnerable to remote code execution (RCE) attacks. The library does not properly escape the filepath, allowing a malicious user to inject and execute arbitrary system commands. This CVE is different from CVE-2017-11366 and CVE-2017-15689.

CPENameOperatorVersion
codiad/codiadeq1.3.6

CPE	Name	Operator	Version
	codiad/codiad	eq	1.3.6

References

packetstormsecurity.com/files/161944/Codiad-2.8.4-Remote-Code-Execution.html

github.com/Codiad/Codiad/issues/1071

github.com/Codiad/Codiad/issues/1078

github.com/WangYihang/Codiad-Remote-Code-Execute-Exploit

github.com/WangYihang/Codiad-Remote-Code-Execute-Exploit/blob/master/exploit.py

0.192 Low

EPSS

Percentile

96.3%

JSON

Related for VERACODE:4967