CVE-2020-14044

Name of the Vulnerable Software and Affected Versions Codiad versions 1.7.8 and later

Description A Server-Side Request Forgery (SSRF) issue was found in the software. It allows a user with admin privileges to use the plugin install feature to make the server request any URL via components/market/class.market.php, potentially resulting in remote code execution. The vendor has stated that the product is no longer under active maintenance by core contributors.

Recommendations For versions 1.7.8 and later, as a temporary workaround, consider disabling the plugin install feature until a patch is available. Restrict access to the components/market/class.market.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.