CVE-2019-19208-Exploit
Exploit Title: Codiad 2.8.4 - Remote Code Execution (Authenticated) (2)
CVE description:
Codiad Web IDE through 2.8.4 allows PHP Code injection.
ExploitDB:
Exploit description:
Before the initial configuration has been completed, an unauthenticated attacker can inject PHP code
that gets executed, and can therefore run arbitrary system commands on the server.
- Credits to: https://herolab.usd.de/security-advisories/usd-2019-0049/ (Tobias Neitzel)
- Vendor Homepage: http://codiad.com/
- Software Link: https://github.com/Codiad/Codiad/releases/tag/v.2.8.4
- Version: 2.8.4
- Tested on: Xubuntu 20.04 and CentOS 8.3
Usage:
python3 exploit.py [target_IP] [target_port]
