components/filemanager/class.filemanager.php in Codiad before 2.8.4 is vulnerable to remote command execution because shell commands can be embedded in parameter values, as demonstrated by search_file_type.
References
Link | Resource |
---|---|
https://github.com/Codiad/Codiad/pull/1013/commits/b3645b4c6718cef6de7003f41aafe7bfcc0395d1 | Patch Third Party Advisory |
https://github.com/Codiad/Codiad/pull/1013 | Third Party Advisory |
https://github.com/Codiad/Codiad/issues/1011 | Third Party Advisory |
http://www.jianshu.com/p/41ac7ac2a7af | Exploit Third Party Advisory |
Configurations
Information
Published : 2017-08-20 18:29
Updated : 2019-10-02 17:03
NVD link : CVE-2017-11366
Mitre link : CVE-2017-11366
JSON object : View
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Products Affected
codiad
- codiad