Chadhaajay

Phpkb

119 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.8

CVE-2020-10413

Exploit
  • EPSS 0.32%
  • Veröffentlicht 12.03.2020 14:15:14
  • Zuletzt bearbeitet 21.11.2024 04:55:16

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/import-html.php by adding a question mark (?) followed by the payload.

4.8

CVE-2020-10414

Exploit
  • EPSS 0.32%
  • Veröffentlicht 12.03.2020 14:15:14
  • Zuletzt bearbeitet 21.11.2024 04:55:16

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/index-attachments.php by adding a question mark (?) followed by the payload.

4.8

CVE-2020-10415

Exploit
  • EPSS 0.32%
  • Veröffentlicht 12.03.2020 14:15:14
  • Zuletzt bearbeitet 21.11.2024 04:55:16

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/index.php by adding a question mark (?) followed by the payload.

5.4

CVE-2020-10388

Exploit
  • EPSS 0.28%
  • Veröffentlicht 12.03.2020 14:15:13
  • Zuletzt bearbeitet 21.11.2024 04:55:12

The way the Referer header in article.php is handled in Chadha PHPKB Standard Multi-Language 9 allows attackers to execute Stored (Blind) XSS (injecting arbitrary web script or HTML) in admin/report-referrers.php (vulnerable file admin/include/functi...

7.2

CVE-2020-10389

Exploit
  • EPSS 9.04%
  • Veröffentlicht 12.03.2020 14:15:13
  • Zuletzt bearbeitet 21.11.2024 04:55:12

admin/save-settings.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by injecting PHP code into any POST parameter when saving global settings.

7.2

CVE-2020-10390

Exploit
  • EPSS 4.7%
  • Veröffentlicht 12.03.2020 14:15:13
  • Zuletzt bearbeitet 21.11.2024 04:55:12

OS Command Injection in export.php (vulnerable function called from include/functions-article.php) in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by saving the code to be executed as the wkhtmltopdf path v...

4.8

CVE-2020-10391

Exploit
  • EPSS 0.32%
  • Veröffentlicht 12.03.2020 14:15:13
  • Zuletzt bearbeitet 21.11.2024 04:55:13

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-article.php by adding a question mark (?) followed by the payload.

4.8

CVE-2020-10392

Exploit
  • EPSS 0.32%
  • Veröffentlicht 12.03.2020 14:15:13
  • Zuletzt bearbeitet 21.11.2024 04:55:13

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-category.php by adding a question mark (?) followed by the payload.

4.8

CVE-2020-10393

Exploit
  • EPSS 0.32%
  • Veröffentlicht 12.03.2020 14:15:13
  • Zuletzt bearbeitet 21.11.2024 04:55:13

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-field.php by adding a question mark (?) followed by the payload.

4.8

CVE-2020-10394

Exploit
  • EPSS 0.32%
  • Veröffentlicht 12.03.2020 14:15:13
  • Zuletzt bearbeitet 21.11.2024 04:55:13

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-glossary.php by adding a question mark (?) followed by the payload.