
Chadhaajay Phpkb vulnerabilities

119 known vulnerabilities affecting chadhaajay/phpkb.

Total CVEs: 119
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: HIGH 5, MEDIUM 112, LOW 2

Vulnerabilities

Page 1 of 6
CVE-2020-10386 | P3 | HIGH | CVSS 7.2 | PoC | v9.0 | 2020-03-12
[HIGH] CWE-434: admin/imagepaster/image-upload.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by uploading a .php file in the admin/js/ directory.
Source: NVD

CVE-2020-10389 | P3 | HIGH | CVSS 7.2 | PoC | v9.0 | 2020-03-12
[HIGH] CWE-94: admin/save-settings.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by injecting PHP code into any POST parameter when saving global settings.
Source: NVD

CVE-2020-11579 | P3 | HIGH | CVSS 7.5 | v9.0 | 2020-09-03
[HIGH] CWE-306: An issue was discovered in Chadha PHPKB 9.0 Enterprise Edition. installer/test-connection.php (part of the installation process) allows a remote unauthenticated attacker to disclose local files on hosts running PHP before 7.2.16, or on hosts where the MySQL ALLOW LOCAL DATA INFILE option is enabled.
Source: NVD

CVE-2020-10387 | P3 | MEDIUM | CVSS 4.9 | PoC | v9.0 | 2020-03-12
[MEDIUM] CWE-22: Path Traversal in admin/download.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to download files from the server using a dot-dot-slash sequence (../) via the GET parameter file.
Source: NVD

CVE-2020-10390 | P3 | HIGH | CVSS 7.2 | v9.0 | 2020-03-12
[HIGH] CWE-78: OS Command Injection in export.php (vulnerable function called from include/functions-article.php) in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by saving the code to be executed as the wkhtmltopdf path via admin/save-settings.php.
Source: NVD

CVE-2020-10478 | P3 | HIGH | CVSS 8.8 | v9.0 | 2020-03-12
[HIGH] CWE-352: CSRF in admin/manage-settings.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to change the global settings, potentially gaining code execution or causing a denial of service, via a crafted request.
Source: NVD

CVE-2020-10458 | P4 | MEDIUM | CVSS 6.5 | v9.0 | 2020-03-12
[MEDIUM] CWE-22: Path Traversal in admin/imagepaster/operations.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete any folder on the webserver using a dot-dot-slash sequence (../) via the GET parameter crdir, when the GET parameter action is set to df, causing a Denial of Service.
Source: NVD

CVE-2020-10497 | P4 | MEDIUM | CVSS 6.5 | v9.0 | 2020-03-12
[MEDIUM] CWE-352: CSRF in admin/manage-categories.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a category via a crafted request.
Source: NVD

CVE-2020-10501 | P4 | MEDIUM | CVSS 6.5 | v9.0 | 2020-03-12
[MEDIUM] CWE-352: CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a department, given the id, via a crafted request.
Source: NVD

CVE-2020-10498 | P4 | MEDIUM | CVSS 6.5 | v9.0 | 2020-03-12
[MEDIUM] CWE-352: CSRF in admin/edit-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a category, given the id, via a crafted request.
Source: NVD

CVE-2020-10461 | P4 | MEDIUM | CVSS 6.1 | v9.0 | 2020-03-12
[MEDIUM] CWE-79: The way comments in article.php (vulnerable function in include/functions-article.php) are handled in Chadha PHPKB Standard Multi-Language 9 allows attackers to execute Stored (Blind) XSS (injecting arbitrary web script or HTML) in admin/manage-comments.php, via the GET parameter cmt.
Source: NVD

CVE-2020-10388 | P4 | MEDIUM | CVSS 5.4 | v9.0 | 2020-03-12
[MEDIUM] CWE-79: The way the Referer header in article.php is handled in Chadha PHPKB Standard Multi-Language 9 allows attackers to execute Stored (Blind) XSS (injecting arbitrary web script or HTML) in admin/report-referrers.php (vulnerable file admin/include/functions-articles.php).
Source: NVD

CVE-2020-10460 | P4 | MEDIUM | CVSS 4.9 | v9.0 | 2020-03-12
[MEDIUM] CWE-1236: admin/include/operations.php (via admin/email-harvester.php) in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject untrusted input inside CSV files via the POST parameter data.
Source: NVD

CVE-2020-10488 | P4 | MEDIUM | CVSS 4.3 | v9.0 | 2020-03-12
[MEDIUM] CWE-352: CSRF in admin/manage-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a news article via a crafted request.
Source: NVD

CVE-2020-10450 | P4 | MEDIUM | CVSS 4.8 | v9.0 | 2020-03-12
[MEDIUM] CWE-79: The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-traffic.php by adding a question mark (?) followed by the payload.
Source: NVD

CVE-2020-10451 | P4 | MEDIUM | CVSS 4.8 | v9.0 | 2020-03-12
[MEDIUM] CWE-79: The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-user.php by adding a question mark (?) followed by the payload.
Source: NVD

CVE-2020-10449 | P4 | MEDIUM | CVSS 4.8 | v9.0 | 2020-03-12
[MEDIUM] CWE-79: The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-search.php by adding a question mark (?) followed by the payload.
Source: NVD

CVE-2020-10454 | P4 | MEDIUM | CVSS 4.8 | v9.0 | 2020-03-12
[MEDIUM] CWE-79: The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/sitemap-generator.php by adding a question mark (?) followed by the payload.
Source: NVD

CVE-2020-10453 | P4 | MEDIUM | CVSS 4.8 | v9.0 | 2020-03-12
[MEDIUM] CWE-79: The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/search-users.php by adding a question mark (?) followed by the payload.
Source: NVD

CVE-2020-10429 | P4 | MEDIUM | CVSS 4.8 | v9.0 | 2020-03-12
[MEDIUM] CWE-79: The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-settings.php by adding a question mark (?) followed by the payload.
Source: NVD