CVE-2017-11366 Information

Description

components/filemanager/class.filemanager.php in Codiad before 2.8.4 is vulnerable to remote command execution because shell commands can be embedded in parameter values as demonstrated by search_file_type.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

http://www.jianshu.com/p/41ac7ac2a7af
https://github.com/Codiad/Codiad/issues/1011
https://github.com/Codiad/Codiad/pull/1013
https://github.com/Codiad/Codiad/pull/1013/commits/b3645b4c6718cef6de7003f41aafe7bfcc0395d1

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

9.8

Base Severity

CRITICAL
