CVE-2019-1920816.03.2020, 15:15Codiad Web IDE through 2.8.4 allows PHP Code injection.Code InjectionEnginsightProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVectorNISTNIST9.8 CRITICALNETWORKLOWNONECVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HmitreCNA------CVEADP------Base ScoreCVSS 3.xEPSS ScorePercentile: 97%VendorProductVersioncodiadcodiad𝑥≤ 2.8.4𝑥= Vulnerable software versionsKnown Exploits!http://packetstormsecurity.com/files/162753/Codiad-2.8.4-Remote-Code-Execution.htmlhttps://github.com/Hacker5preme/Exploits/tree/main/CVE-2019-19208-Exploithttps://herolab.usd.de/security-advisories/usd-2019-0049/https://www.exploit-db.com/exploits/49902http://packetstormsecurity.com/files/162753/Codiad-2.8.4-Remote-Code-Execution.htmlhttps://github.com/Hacker5preme/Exploits/tree/main/CVE-2019-19208-Exploithttps://herolab.usd.de/security-advisories/usd-2019-0049/https://www.exploit-db.com/exploits/49902Common Weakness EnumerationCWE-94 - Improper Control of Generation of Code ('Code Injection')The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.Referenceshttp://packetstormsecurity.com/files/162753/Codiad-2.8.4-Remote-Code-Execution.htmlhttps://github.com/Codiad/Codiad/commits/masterhttps://github.com/Hacker5preme/Exploits/tree/main/CVE-2019-19208-Exploithttps://herolab.usd.de/en/security-advisories/https://herolab.usd.de/security-advisories/usd-2019-0049/https://www.exploit-db.com/exploits/49902http://packetstormsecurity.com/files/162753/Codiad-2.8.4-Remote-Code-Execution.htmlhttps://github.com/Codiad/Codiad/commits/masterhttps://github.com/Hacker5preme/Exploits/tree/main/CVE-2019-19208-Exploithttps://herolab.usd.de/en/security-advisories/https://herolab.usd.de/security-advisories/usd-2019-0049/https://www.exploit-db.com/exploits/49902