185 matches found
Cross site scripting
Reflected XSS in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort...
Cross site request forgery (csrf)
CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a department via a crafted request...
Cross site request forgery (csrf)
CSRF in admin/manage-categories.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a category via a crafted request...
Cross site scripting
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/add-template.php by adding a question mark ? followed by the payload...
Cross site scripting
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/manage-comments.php by adding a question mark ? followed by the payload...
Cross site request forgery (csrf)
CSRF in admin/manage-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a glossary term via a crafted request...
Cross site scripting
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/reply-ticket.php by adding a question mark ? followed by the payload...
Cross site request forgery (csrf)
CSRF in admin/edit-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a category, given the id, via a crafted request...
Cross site scripting
Reflected XSS in admin/edit-field.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p...
Cross site scripting
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/report-article-monthly.php by adding a question mark ? followed by the payload...
Cross site request forgery (csrf)
CSRF in admin/manage-settings.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to change the global settings, potentially gaining code execution or causing a denial of service, via a crafted request...
Directory traversal
admin/imagepaster/image-upload.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by uploading a .php file in the admin/js/ directory...
CVE-2020-10504
CVE-2020-10504 affects Chadha PHPKB Standard Multi-Language 9, where a CSRF flaw in admin/edit-comments.php enables an attacker to edit a comment by supplying an id via a crafted request. The vulnerability stems from insufficient CSRF protection in the affected endpoint, allowing unauthorized sta...
CVE-2020-10502
The CVE-2020-10502 issue affects Chadha PHPKB Standard Multi-Language 9. The vulnerable component is admin/manage-comments.php where CSRF allows an attacker to approve any comment by crafting a request with the comment id. Root cause is CSRF protection missing for the approval action, enabling un...
CVE-2020-10499
The connected records provide concrete details for CVE-2020-10499: Chadha PHPKB Standard Multi-Language v9 contains a cross-site request forgery (CSRF) flaw in the admin/manage-tickets.php endpoint. An attacker can close any ticket by crafting a request that, when executed by an authenticated use...
CVE-2020-10498
CSRF in admin/edit-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a category, given the id, via a crafted request...
CVE-2020-10498
CVE-2020-10498 affects Chadha PHPKB Standard Multi-Language 9. A CSRF vulnerability in admin/edit-category.php allows an attacker to edit a category by sending a crafted request (no explicit authentication bypass described). Root cause: missing/insufficient CSRF protection on the edit-category en...
CVE-2020-10497
The CVE-2020-10497 entry concerns Chadha PHPKB Standard Multi-Language 9, where a Cross-Site Request Forgery (CSRF) vulnerability exists in the admin/manage-categories.php endpoint. This weakness allows an attacker to cause the deletion of a category by sending a crafted request, due to insuffici...
CVE-2020-10495
CVE-2020-10495 is a CSRF vulnerability affecting Chadha PHPKB Standard Multi-Language 9. Assaults can edit an article template via crafted requests to admin/edit-template.php (requires id). Root cause is a CSRF weakness in the web application’s handling of template edits. The NVD entry lists a CV...
CVE-2020-10494
CSRF in admin/edit-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a news article, given the id, via a crafted request...