CVE-2018-19423

HIGH

Codiad 2.8.4 - Authenticated Remote Code Execution via File Upload

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-19423. PoCs published by Ron Jost.

AI-analyzed exploit summary This exploit demonstrates an authenticated remote code execution vulnerability in Codiad 2.8.4 by uploading a PHP webshell. It authenticates as an admin, then uploads a malicious PHP file to achieve command execution.

Description

Codiad 2.8.4 allows remote authenticated administrators to execute arbitrary code by uploading an executable file.

Exploits (1)

exploitdb WORKING POC

by Ron Jost · pythonwebappsmultiple

https://www.exploit-db.com/exploits/49907

View Code ZIP pw:eip

This exploit demonstrates an authenticated remote code execution vulnerability in Codiad 2.8.4 by uploading a PHP webshell. It authenticates as an admin, then uploads a malicious PHP file to achieve command execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Codiad 2.8.4

Auth required

Prerequisites: Valid admin credentials · Network access to the target · Codiad 2.8.4 installation

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory x_refsource_misc

https://github.com/Codiad/Codiad/issues/1098

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/162772/Codiad-2.8.4-Shell-Upload.html

Exploit, Third Party Advisory x_refsource_misc

https://github.com/Hacker5preme/Exploits/tree/main/CVE-2018-19423-Exploit

View Exploit ZIP pw:eip

Scores

CVSS v3 7.2

EPSS 0.1798

EPSS Percentile 96.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-434

Status published

Products (1)

codiad/codiad 2.8.4

Published Nov 21, 2018

Tracked Since Feb 18, 2026