Codiad process.php saveJSON information disclosure
CVE-2017-20178

7.5HIGH

Key Information:

Vendor

Codiad

Status
Codiad
Vendor
CVE Published:
21 February 2023

What is CVE-2017-20178?

An information disclosure vulnerability exists in Codiad 2.8.0, specifically within the saveJSON function located in components/install/process.php. This flaw allows attackers to manipulate the data argument, potentially leading to unauthorized access to sensitive information. The attack can be executed remotely, though the complexity of such an attack is relatively high. Users are advised to upgrade to version 2.8.1, which includes a patch to address this concern, ensuring the integrity of their installation.

Affected Version(s)

Codiad 2.8.0

References

https://vuldb.com/?id.221498
vdb-entrytechnical-description
https://vuldb.com/?ctiid.221498
signaturepermissions-required
https://github.com/Codiad/Codiad/pull/974
issue-tracking

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

VulDB GitHub Commit Analyzer
.