185 matches found
CVE-2020-10494
CVE-2020-10494 is a CSRF vulnerability in Chadha PHPKB Standard Multi-Language 9 affecting the admin/edit-news.php endpoint. Affected component is the news-editing function; root cause is CSRF weakness allowing an attacker to edit a news article when a user with appropriate session interacts with...
CVE-2020-10493
CSRF in admin/edit-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a glossary term, given the id, via a crafted request...
CVE-2020-10491
The issue is a CSRF vulnerability in Chadha PHPKB Standard Multi-Language version 9, specifically affecting the endpoint admin/manage-departments.php. A crafted request can cause an attacker to add a department without proper authorization. The root cause is a CSRF weakness that allows unauthoriz...
CVE-2020-10490
CVE-2020-10490 describes a CSRF vulnerability in Chadha PHPKB Standard Multi-Language 9, where requests to admin/manage-departments.php can delete a department. Root cause: insufficient CSRF protection on the department-management endpoint. Affected product/version: Chadha PHPKB Standard Multi-La...
CVE-2020-10489
CVE-2020-10489 is a CSRF vulnerability in Chadha PHPKB Standard Multi-Language 9 affecting the admin/manage-tickets.php endpoint. An attacker can cause a user’s browser to issue a crafted request to delete a ticket, due to inadequate protection against cross-site request forgery. The CVE is docum...
CVE-2020-10488
CVE-2020-10488 describes a cross-site request forgery (CSRF) in Chadha PHPKB Standard Multi-Language 9. The vulnerability exists in the admin/manage-news.php endpoint, where a crafted request can cause deletion of a news article. Root cause: CSRF due to insufficient request validation/CSRF protec...
CVE-2020-10486
The CVE-2020-10486 issue affects Chadha PHPKB Standard Multi-Language version 9, where a CSRF flaw in admin/manage-comments.php can let an attacker delete a comment via a crafted request. Root cause is CSRF vulnerability due to insufficient request forgery protections, enabling unauthorized actio...
CVE-2020-10485
CVE-2020-10485 concerns Chadha PHPKB Standard Multi-Language 9. a CSRF flaw in admin/manage-articles.php enables deletion of an article via a crafted request. Root cause: inadequate CSRF protection on the article-deletion endpoint. Affected product/version: Chadha PHPKB Standard Multi-Language 9....
CVE-2020-10484
The CVE-2020-10484 entry concerns Chadha PHPKB Standard Multi-Language 9. A CSRF flaw in admin/add-field.php allows an attacker to create a custom field via a crafted request, as described across multiple connected sources. The vulnerability is rated CVSS v3.1 4.3 (Medium) with network attack vec...
CVE-2020-10483
CSRF in admin/ajax-hub.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to post a comment on any article via a crafted request...
CVE-2020-10483
CVE-2020-10483 is a CSRF vulnerability in Chadha PHPKB Standard Multi-Language 9, affecting the admin/ajax-hub.php endpoint. The weakness allows an attacker to cause arbitrary users to post a comment on any article via a crafted request. Documented impact: ability to post comments; no other data ...
CVE-2020-10482
CSRF in admin/add-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new article template via a crafted request...
CVE-2020-10482
The connected documents confirm CVE-2020-10482 affects Chadha PHPKB Standard Multi-Language version 9, via a CSRF weakness in admin/add-template.php that lets an attacker add a new article template with a crafted request. The vulnerability stems from insufficient CSRF protection in that endpoint....
CVE-2020-10480
CSRF in admin/add-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new category via a crafted request...
CVE-2020-10480
CVE-2020-10480 affects Chadha PHPKB Standard Multi-Language 9. The vulnerability is a cross-site request forgery (CSRF) in admin/add-category.php that allows an attacker to add a new category via a crafted request, without requiring authentication. The root cause is insufficient CSRF protection o...
CVE-2020-10479
CVE-2020-10479 affects Chadha PHPKB Standard Multi-Language 9, where a CSRF flaw in admin/add-news.php allows adding a news article via a crafted request. The vulnerability is tied to a CSRF weakness in the /admin/add-news.php endpoint, enabling unauthorized article creation. Affected product/ver...
CVE-2020-10478
CSRF in admin/manage-settings.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to change the global settings, potentially gaining code execution or causing a denial of service, via a crafted request...
CVE-2020-10477
Reflected XSS in admin/manage-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort...
CVE-2020-10476
Reflected XSS in admin/manage-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort...
CVE-2020-10473
Reflected XSS in admin/manage-categories.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort...