A vulnerability in /damicms-master/admin.php?s=/Article/doedit of DamiCMS v6.0 allows attackers to compromise and impersonate user accounts via obtaining a user's session...
8.8CVSS
8.5AI Score
0.001EPSS
Cross Site Request Forgery (CSRF) vulnerability exists in DamiCMS v6.0.6 that can add an admin account via...
8CVSS
7.6AI Score
0.001EPSS
Cross Site Scripting (XSS) vulnerability exists in DamiCMS v6.0.6 via the title parameter in the doadd function in...
4.8CVSS
6.3AI Score
0.001EPSS
An arbitrary file read vulnerability in DamiCMS v6.0.0 allows remote authenticated administrators to read any files in the server via a crafted /admin.php?s=Tpl/Add/id/...
4.9CVSS
7AI Score
0.002EPSS
DamiCMS 6.0.1 allows remote attackers to read arbitrary files via a crafted admin.php?s=Tpl/Add/id request, as demonstrated by admin.php?s=Tpl/Add/id/.\Public\Config\config.ini.php to read the global configuration...
7.5CVSS
7.4AI Score
0.002EPSS
admin.php?s=/Admin/doedit in DamiCMS v6.0.0 allows CSRF to change the administrator account's...
8.8CVSS
7.3AI Score
0.001EPSS
An issue was discovered in damiCMS V6.0.1. There is Directory Traversal via '|' characters in the s parameter to admin.php, as demonstrated by an admin.php?s=Tpl/Add/id/c:|windows|win.ini...
2.7CVSS
7.3AI Score
0.001EPSS
An issue was discovered in damiCMS V6.0.1. It relies on the PHP time() function for cookies, which makes it possible to determine the cookie for an existing admin session via 10800...
9.8CVSS
7.3AI Score
0.007EPSS
An issue was discovered in damiCMS V6.0.1. Remote code execution can occur via PHP code in a multipart/form-data POST to the admin.php?s=/Tpl/Update.html URI. For example, this can update the Web/Tpl/default/head.html...
7.2CVSS
8AI Score
0.003EPSS
An issue was discovered in DamiCMS 6.0.0. There is an CSRF vulnerability that can revise the administrator account's password via...
8.8CVSS
8.7AI Score
0.001EPSS
DamiCMS v6.0.0 aand 6.1.0 allows CSRF via admin.php?s=/Admin/doadd to add an administrator...
8.8CVSS
7.3AI Score
0.005EPSS