Lucene search
K

99 matches found

Cvelist
Cvelist
added 2021/12/27 10:22 p.m.20 views

CVE-2020-21236

A vulnerability in /damicms-master/admin.php?s=/Article/doedit of DamiCMS v6.0 allows attackers to compromise and impersonate user accounts via obtaining a user's session cookie...

8.6AI score0.00537EPSS
Exploits1References1
CVE
CVE
added 2021/12/27 10:22 p.m.49 views

CVE-2020-21236

The CVE-2020-21236 entry affects DamiCMS v6.0, specifically /damicms-master/admin.php?s=/Article/doedit. The root cause is lack of cookie protection, enabling an attacker to obtain a user’s session cookie and impersonate that user. Several connected sources (CVE lists, Red Hat advisory, CNVD) cor...

8.8CVSS8.5AI score0.00537EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2021/12/27 12:0 a.m.5 views

DamiCMS跨站请求伪造漏洞

A security vulnerability exists in DamiCMS v6.0, which originates from the lack of cookie protection in /damicms-master/admin.php?s=/Article/doedit, and could be exploited to compromise and impersonate a user's account by obtaining their session cookie. session cookie to compromise and impersonat...

8.8CVSS5.5AI score0.00537EPSS
Exploits1References2
NVD
NVD
added 2021/08/12 7:15 p.m.24 views

CVE-2020-18458

Cross Site Request Forgery CSRF vulnerability exists in DamiCMS v6.0.6 that can add an admin account via admin.php?s=/Admin/doadd...

8CVSS0.00458EPSS
Exploits1References1
OSV
OSV
added 2021/08/12 7:15 p.m.3 views

CVE-2020-18458

Cross Site Request Forgery CSRF vulnerability exists in DamiCMS v6.0.6 that can add an admin account via admin.php?s=/Admin/doadd...

8CVSS5.8AI score0.00458EPSS
Exploits1References1
Prion
Prion
added 2021/08/12 7:15 p.m.16 views

Cross site request forgery (csrf)

Cross Site Request Forgery CSRF vulnerability exists in DamiCMS v6.0.6 that can add an admin account via admin.php?s=/Admin/doadd...

6CVSS8AI score0.00458EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2021/08/12 6:15 p.m.2 views

CVE-2020-18451

Cross Site Scripting XSS vulnerability exists in DamiCMS v6.0.6 via the title parameter in the doadd function in LabelAction.class.php...

4.8CVSS5.8AI score0.00527EPSS
Exploits1References1
NVD
NVD
added 2021/08/12 6:15 p.m.17 views

CVE-2020-18451

Cross Site Scripting XSS vulnerability exists in DamiCMS v6.0.6 via the title parameter in the doadd function in LabelAction.class.php...

4.8CVSS0.00527EPSS
Exploits1References1
Prion
Prion
added 2021/08/12 6:15 p.m.19 views

Cross site scripting

Cross Site Scripting XSS vulnerability exists in DamiCMS v6.0.6 via the title parameter in the doadd function in LabelAction.class.php...

3.5CVSS4.9AI score0.00527EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/08/12 6:2 p.m.25 views

CVE-2020-18458

Cross Site Request Forgery CSRF vulnerability exists in DamiCMS v6.0.6 that can add an admin account via admin.php?s=/Admin/doadd...

8AI score0.00458EPSS
Exploits1References1
CVE
CVE
added 2021/08/12 6:2 p.m.43 views

CVE-2020-18458

CSRF vulnerability in DamiCMS v6.0.6 allows an attacker to add an admin account via admin.php?s=/Admin/doadd. The issue is documented as CVE-2020-18458 with NVD metrics CVSS v2 base score 6.0 (medium) and CVSS v3.1 base score 8.0 (high). Exploitation status is not provided in the connected docume...

8CVSS7.9AI score0.00458EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2021/08/12 5:26 p.m.45 views

CVE-2020-18451

CVE-2020-18451 is an XSS vulnerability in DamiCMS v6.0.6, arising from an unsanitized input of the title parameter in the doadd function of LabelAction.class.php. Affects the web app’s ability to handle user-supplied titles, enabling cross-site scripting. NVD reports CVSSv3.1 base score 4.8 (MEDI...

4.8CVSS4.9AI score0.00527EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/08/12 5:26 p.m.23 views

CVE-2020-18451

Cross Site Scripting XSS vulnerability exists in DamiCMS v6.0.6 via the title parameter in the doadd function in LabelAction.class.php...

5AI score0.00527EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/08/12 12:0 a.m.4 views

DamiCMS 跨站请求伪造漏洞

DamiCMS is a content management system CMS for quickly building websites. There is a security vulnerability in DamiCMS v6.0.6 that allows you to add an administrative account via admin.php?s=/Admin/doadd...

8CVSS7.7AI score0.00458EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/08/12 12:0 a.m.5 views

DamiCMS 跨站脚本漏洞

DamiCMS is a content management system CMS for quickly building websites. A cross-site scripting vulnerability exists in DamiCMS v6.0.6, which originates from the title parameter in the doadd function in LabelAction.class.php...

4.8CVSS4.9AI score0.00527EPSS
Exploits1References1
CNVD
CNVD
added 2021/06/19 12:0 a.m.11 views

Code Execution Vulnerability in Rice CMS

Dami CMS DamiCMS is a PC station building and cell phone station building integrated all-in-one system. DamiCMS suffers from a code execution vulnerability that can be exploited by attackers to execute code and gain server privileges...

8AI score
Exploits0
NVD
NVD
added 2019/07/10 3:15 p.m.16 views

CVE-2018-14831

An arbitrary file read vulnerability in DamiCMS v6.0.0 allows remote authenticated administrators to read any files in the server via a crafted /admin.php?s=Tpl/Add/id/ URI...

4.9CVSS4.9AI score0.01591EPSS
Exploits1References1
OSV
OSV
added 2019/07/10 3:15 p.m.2 views

CVE-2018-14831

An arbitrary file read vulnerability in DamiCMS v6.0.0 allows remote authenticated administrators to read any files in the server via a crafted /admin.php?s=Tpl/Add/id/ URI...

4.9CVSS5.9AI score0.01591EPSS
Exploits1References1
Cvelist
Cvelist
added 2019/07/10 2:29 p.m.18 views

CVE-2018-14831

An arbitrary file read vulnerability in DamiCMS v6.0.0 allows remote authenticated administrators to read any files in the server via a crafted /admin.php?s=Tpl/Add/id/ URI...

4.9AI score0.01591EPSS
Exploits1References1
CVE
CVE
added 2019/07/10 2:29 p.m.40 views

CVE-2018-14831

Concrete details confirm the vulnerability: CVE-2018-14831 affects DamiCMS v6.0.0 . Affected component/file is the web entry point, with the root cause described as an arbitrary file read via a crafted URI in the admin interface: /admin.php?s=Tpl/Add/id/. The impact is that remote authenticated a...

4.9CVSS4.8AI score0.01591EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder