99 matches found
CVE-2020-21236
A vulnerability in /damicms-master/admin.php?s=/Article/doedit of DamiCMS v6.0 allows attackers to compromise and impersonate user accounts via obtaining a user's session cookie...
CVE-2020-21236
The CVE-2020-21236 entry affects DamiCMS v6.0, specifically /damicms-master/admin.php?s=/Article/doedit. The root cause is lack of cookie protection, enabling an attacker to obtain a user’s session cookie and impersonate that user. Several connected sources (CVE lists, Red Hat advisory, CNVD) cor...
DamiCMS跨站请求伪造漏洞
A security vulnerability exists in DamiCMS v6.0, which originates from the lack of cookie protection in /damicms-master/admin.php?s=/Article/doedit, and could be exploited to compromise and impersonate a user's account by obtaining their session cookie. session cookie to compromise and impersonat...
CVE-2020-18458
Cross Site Request Forgery CSRF vulnerability exists in DamiCMS v6.0.6 that can add an admin account via admin.php?s=/Admin/doadd...
CVE-2020-18458
Cross Site Request Forgery CSRF vulnerability exists in DamiCMS v6.0.6 that can add an admin account via admin.php?s=/Admin/doadd...
Cross site request forgery (csrf)
Cross Site Request Forgery CSRF vulnerability exists in DamiCMS v6.0.6 that can add an admin account via admin.php?s=/Admin/doadd...
CVE-2020-18451
Cross Site Scripting XSS vulnerability exists in DamiCMS v6.0.6 via the title parameter in the doadd function in LabelAction.class.php...
CVE-2020-18451
Cross Site Scripting XSS vulnerability exists in DamiCMS v6.0.6 via the title parameter in the doadd function in LabelAction.class.php...
Cross site scripting
Cross Site Scripting XSS vulnerability exists in DamiCMS v6.0.6 via the title parameter in the doadd function in LabelAction.class.php...
CVE-2020-18458
Cross Site Request Forgery CSRF vulnerability exists in DamiCMS v6.0.6 that can add an admin account via admin.php?s=/Admin/doadd...
CVE-2020-18458
CSRF vulnerability in DamiCMS v6.0.6 allows an attacker to add an admin account via admin.php?s=/Admin/doadd. The issue is documented as CVE-2020-18458 with NVD metrics CVSS v2 base score 6.0 (medium) and CVSS v3.1 base score 8.0 (high). Exploitation status is not provided in the connected docume...
CVE-2020-18451
CVE-2020-18451 is an XSS vulnerability in DamiCMS v6.0.6, arising from an unsanitized input of the title parameter in the doadd function of LabelAction.class.php. Affects the web app’s ability to handle user-supplied titles, enabling cross-site scripting. NVD reports CVSSv3.1 base score 4.8 (MEDI...
CVE-2020-18451
Cross Site Scripting XSS vulnerability exists in DamiCMS v6.0.6 via the title parameter in the doadd function in LabelAction.class.php...
DamiCMS 跨站请求伪造漏洞
DamiCMS is a content management system CMS for quickly building websites. There is a security vulnerability in DamiCMS v6.0.6 that allows you to add an administrative account via admin.php?s=/Admin/doadd...
DamiCMS 跨站脚本漏洞
DamiCMS is a content management system CMS for quickly building websites. A cross-site scripting vulnerability exists in DamiCMS v6.0.6, which originates from the title parameter in the doadd function in LabelAction.class.php...
Code Execution Vulnerability in Rice CMS
Dami CMS DamiCMS is a PC station building and cell phone station building integrated all-in-one system. DamiCMS suffers from a code execution vulnerability that can be exploited by attackers to execute code and gain server privileges...
CVE-2018-14831
An arbitrary file read vulnerability in DamiCMS v6.0.0 allows remote authenticated administrators to read any files in the server via a crafted /admin.php?s=Tpl/Add/id/ URI...
CVE-2018-14831
An arbitrary file read vulnerability in DamiCMS v6.0.0 allows remote authenticated administrators to read any files in the server via a crafted /admin.php?s=Tpl/Add/id/ URI...
CVE-2018-14831
An arbitrary file read vulnerability in DamiCMS v6.0.0 allows remote authenticated administrators to read any files in the server via a crafted /admin.php?s=Tpl/Add/id/ URI...
CVE-2018-14831
Concrete details confirm the vulnerability: CVE-2018-14831 affects DamiCMS v6.0.0 . Affected component/file is the web entry point, with the root cause described as an arbitrary file read via a crafted URI in the admin interface: /admin.php?s=Tpl/Add/id/. The impact is that remote authenticated a...