Chadhaajay Phpkb vulnerabilities
119 known vulnerabilities affecting chadhaajay/phpkb.
Total CVEs: 119
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: HIGH 5, MEDIUM 112, LOW 2
Vulnerabilities
Page 5 of 6
CVE-2020-10493 | P4 | MEDIUM | CVSS 4.3 | v9.0 | 2020-03-12 | CWE-352
CSRF in admin/edit-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a glossary term, given the id, via a crafted request.
nvd
CVE-2020-10479 | P4 | MEDIUM | CVSS 4.3 | v9.0 | 2020-03-12 | CWE-352
CSRF in admin/add-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new news article via a crafted request.
nvd
CVE-2020-10486 | P4 | MEDIUM | CVSS 4.3 | v9.0 | 2020-03-12 | CWE-352
CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a comment via a crafted request.
nvd
CVE-2020-10484 | P4 | MEDIUM | CVSS 4.3 | v9.0 | 2020-03-12 | CWE-352
CSRF in admin/add-field.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to create a custom field via a crafted request.
nvd
CVE-2020-10495 | P4 | MEDIUM | CVSS 4.3 | v9.0 | 2020-03-12 | CWE-352
CSRF in admin/edit-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit an article template, given the id, via a crafted request.
nvd
CVE-2020-10499 | P4 | MEDIUM | CVSS 4.3 | v9.0 | 2020-03-12 | CWE-352
CSRF in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to close any ticket, given the id, via a crafted request.
nvd
CVE-2020-10481 | P4 | MEDIUM | CVSS 4.3 | v9.0 | 2020-03-12 | CWE-352
CSRF in admin/add-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new glossary term via a crafted request.
nvd
CVE-2020-10456 | P4 | MEDIUM | CVSS 4.8 | v9.0 | 2020-03-12 | CWE-79
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/trash-box.php by adding a question mark (?) followed by the payload.
nvd
CVE-2020-10448 | P4 | MEDIUM | CVSS 4.8 | v9.0 | 2020-03-12 | CWE-79
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-referrers.php by adding a question mark (?) followed by the payload.
nvd
CVE-2020-10398 | P4 | MEDIUM | CVSS 4.8 | v9.0 | 2020-03-12 | CWE-79
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-template.php by adding a question mark (?) followed by the payload.
nvd
CVE-2020-10391 | P4 | MEDIUM | CVSS 4.8 | v9.0 | 2020-03-12 | CWE-79
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-article.php by adding a question mark (?) followed by the payload.
nvd
CVE-2020-10455 | P4 | MEDIUM | CVSS 4.8 | v9.0 | 2020-03-12 | CWE-79
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/translate.php by adding a question mark (?) followed by the payload.
nvd
CVE-2020-10452 | P4 | MEDIUM | CVSS 4.8 | v9.0 | 2020-03-12 | CWE-79
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/save-article.php by adding a question mark (?) followed by the payload.
nvd
CVE-2020-10394 | P4 | MEDIUM | CVSS 4.8 | v9.0 | 2020-03-12 | CWE-79
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-glossary.php by adding a question mark (?) followed by the payload.
nvd
CVE-2020-10477 | P4 | MEDIUM | CVSS 4.8 | v9.0 | 2020-03-12 | CWE-79
Reflected XSS in admin/manage-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.
nvd
CVE-2020-10472 | P4 | MEDIUM | CVSS 4.8 | v9.0 | 2020-03-12 | CWE-79
Reflected XSS in admin/manage-templates.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.
nvd
CVE-2020-10404 | P4 | MEDIUM | CVSS 4.8 | v9.0 | 2020-03-12 | CWE-79
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-field.php by adding a question mark (?) followed by the payload.
nvd
CVE-2020-10395 | P4 | MEDIUM | CVSS 4.8 | v9.0 | 2020-03-12 | CWE-79
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-group.php by adding a question mark (?) followed by the payload.
nvd
CVE-2020-10396 | P4 | MEDIUM | CVSS 4.8 | v9.0 | 2020-03-12 | CWE-79
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-language.php by adding a question mark (?) followed by the payload.
nvd
CVE-2020-10470 | P4 | MEDIUM | CVSS 4.8 | v9.0 | 2020-03-12 | CWE-79
Reflected XSS in admin/manage-fields.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.
nvd