Codiad · Codiad · CVE-2017-11366
**Name of the Vulnerable Software and Affected Versions**
Codiad versions prior to 2.8.4
**Description**
The issue allows remote command execution because shell commands can be embedded in parameter values, as demonstrated by the `search_file_type` parameter.
**Recommendations**
For versions prior to 2.8.4, update to version 2.8.4 or later to resolve the issue.
As a temporary workaround, consider restricting access to the `class.filemanager.php` file until the update is applied.
Avoid using the `search_file_type` parameter in the affected API endpoint until the issue is resolved.
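
The root cause named in the description is a parameter value reaching a shell command line unquoted. The following added PHP example shows that pattern next to the standard remedy. It is not Codiad's code or its 2.8.4 patch; the function names, the `find`/`grep` command line, the workspace path and the sample values are assumptions made for illustration.

```php
<?php
// Added illustration, not Codiad source. All names here are hypothetical.

// Unsafe pattern (general class of bug): the value is pasted into the command
// string, so any shell metacharacter in it becomes shell syntax.
function build_search_command_unsafe(string $root, string $needle, string $fileType): string
{
    return "find $root -type f -iname \"$fileType\" -exec grep -n -H -F -e \"$needle\" -- {} +";
}

// Accept only a narrow file-type filter such as "*.php" or ".css".
// Anything else is refused outright rather than "cleaned".
function validate_file_type(string $fileType): string
{
    if (preg_match('/\A\*?\.[A-Za-z0-9]{1,10}\z/', $fileType) !== 1) {
        throw new InvalidArgumentException('file type filter rejected');
    }
    return $fileType;
}

// Hardened form: validate first, then quote every variable part with
// escapeshellarg(). $root is assumed to be an absolute path chosen by the
// server, not by the client.
function build_search_command(string $root, string $needle, string $fileType): string
{
    $fileType = validate_file_type($fileType);
    return 'find ' . escapeshellarg($root)
        . ' -type f -iname ' . escapeshellarg($fileType)
        . ' -exec grep -n -H -F -e ' . escapeshellarg($needle) . ' -- {} +';
}

// Constructed inputs: one normal filter, two carrying shell metacharacters.
// Commands are only printed here, never executed.
$samples = ['*.php', '*.php; id', '*.js$(id)'];
foreach ($samples as $sample) {
    echo 'unsafe:   ', build_search_command_unsafe('/var/www/workspace', 'TODO', $sample), PHP_EOL;
    try {
        echo 'hardened: ', build_search_command('/var/www/workspace', 'TODO', $sample), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'hardened: rejected ', json_encode($sample), PHP_EOL;
    }
}
```

The search string is quoted but not pattern-restricted because `grep -F -e` treats it as a literal; the file-type filter gets the allowlist because its legitimate values form a small, predictable set.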