Chadhaajay Phpkb vulnerabilities
119 known vulnerabilities affecting chadhaajay/phpkb.
Total CVEs: 119
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown
HIGH: 5, MEDIUM: 112, LOW: 2
Vulnerabilities
Page 4 of 6
CVE-2020-10421 | P4 | MEDIUM | CVSS 4.8 | v9.0 | 2020-03-12 | CWE-79
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-departments.php by adding a question mark (?) followed by the payload.
nvd
CVE-2020-10416 | P4 | MEDIUM | CVSS 4.8 | v9.0 | 2020-03-12 | CWE-79
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/kb-backup.php by adding a question mark (?) followed by the payload.
nvd
CVE-2020-10406 | P4 | MEDIUM | CVSS 4.8 | v9.0 | 2020-03-12 | CWE-79
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-group.php by adding a question mark (?) followed by the payload.
nvd
CVE-2020-10447 | P4 | MEDIUM | CVSS 4.8 | v9.0 | 2020-03-12 | CWE-79
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-failed-login.php by adding a question mark (?) followed by the payload.
nvd
CVE-2020-10434 | P4 | MEDIUM | CVSS 4.8 | v9.0 | 2020-03-12 | CWE-79
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-versions.php by adding a question mark (?) followed by the payload.
nvd
CVE-2020-10402 | P4 | MEDIUM | CVSS 4.8 | v9.0 | 2020-03-12 | CWE-79
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-category.php by adding a question mark (?) followed by the payload.
nvd
CVE-2020-10480 | P4 | MEDIUM | CVSS 4.3 | v9.0 | 2020-03-12 | CWE-352
CSRF in admin/add-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new category via a crafted request.
nvd
CVE-2020-10487 | P4 | MEDIUM | CVSS 4.3 | v9.0 | 2020-03-12 | CWE-352
CSRF in admin/manage-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a glossary term via a crafted request.
nvd
CVE-2020-10503 | P4 | MEDIUM | CVSS 4.3 | v9.0 | 2020-03-12 | CWE-352
CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to disapprove any comment, given the id, via a crafted request.
nvd
CVE-2020-10485 | P4 | MEDIUM | CVSS 4.3 | v9.0 | 2020-03-12 | CWE-352
CSRF in admin/manage-articles.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete an article via a crafted request.
nvd
CVE-2020-10500 | P4 | MEDIUM | CVSS 4.3 | v9.0 | 2020-03-12 | CWE-352
CSRF in admin/reply-ticket.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to reply to any ticket, given the id, via a crafted request.
nvd
CVE-2020-10489 | P4 | MEDIUM | CVSS 4.3 | v9.0 | 2020-03-12 | CWE-352
CSRF in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a ticket via a crafted request.
nvd
CVE-2020-10494 | P4 | MEDIUM | CVSS 4.3 | v9.0 | 2020-03-12 | CWE-352
CSRF in admin/edit-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a news article, given the id, via a crafted request.
nvd
CVE-2020-10492 | P4 | MEDIUM | CVSS 4.3 | v9.0 | 2020-03-12 | CWE-352
CSRF in admin/manage-templates.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete an article template via a crafted request.
nvd
CVE-2020-10491 | P4 | MEDIUM | CVSS 4.3 | v9.0 | 2020-03-12 | CWE-352
CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a department via a crafted request.
nvd
CVE-2020-10502 | P4 | MEDIUM | CVSS 4.3 | v9.0 | 2020-03-12 | CWE-352
CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to approve any comment, given the id, via a crafted request.
nvd
CVE-2020-10496 | P4 | MEDIUM | CVSS 4.3 | v9.0 | 2020-03-12 | CWE-352
CSRF in admin/edit-article.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit an article, given the id, via a crafted request.
nvd
CVE-2020-10504 | P4 | MEDIUM | CVSS 4.3 | v9.0 | 2020-03-12 | CWE-352
CSRF in admin/edit-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a comment, given the id, via a crafted request.
nvd
CVE-2020-10490 | P4 | MEDIUM | CVSS 4.3 | v9.0 | 2020-03-12 | CWE-352
CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a department via a crafted request.
nvd
CVE-2020-10483 | P4 | MEDIUM | CVSS 4.3 | v9.0 | 2020-03-12 | CWE-352
CSRF in admin/ajax-hub.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to post a comment on any article via a crafted request.
nvd