99 matches found
DamiCMS Arbitrary File Read Vulnerability
DamiCMS is a content management system CMS for building websites quickly. A security vulnerability exists in DamiCMS version 6.0.1. A remote attacker can exploit the vulnerability by sending a specially crafted request admin.php?s=Tpl/Add/id to read arbitrary files...
CVE-2018-20571
DamiCMS 6.0.1 allows remote attackers to read arbitrary files via a crafted admin.php?s=Tpl/Add/id request, as demonstrated by admin.php?s=Tpl/Add/id/.\Public\Config\config.ini.php to read the global configuration file...
Default configuration
DamiCMS 6.0.1 allows remote attackers to read arbitrary files via a crafted admin.php?s=Tpl/Add/id request, as demonstrated by admin.php?s=Tpl/Add/id/.\Public\Config\config.ini.php to read the global configuration file...
CVE-2018-20571
DamiCMS 6.0.1 allows remote attackers to read arbitrary files via a crafted admin.php?s=Tpl/Add/id request, as demonstrated by admin.php?s=Tpl/Add/id/.\Public\Config\config.ini.php to read the global configuration file...
CVE-2018-20571
CVE-2018-20571 affects DamiCMS 6.0.1. An attacker can remotely read arbitrary files by sending a crafted request to admin.php?s=Tpl/Add/id, demonstrated by reading the global configuration file at .\Public\Config\config.ini.php. The underlying issue is an arbitrary file read path handling in the ...
DamiCMS Cross-Site Request Forgery Vulnerability (CNVD-2018-19082)
DamiCMS is a content management system CMS for building websites quickly. A cross-site request forgery vulnerability exists in the admin.php?s=/Admin/doedit URL in DamiCMS version 6.0.0, which can be exploited by a remote attacker to change the password of an administrator account...
CVE-2018-16331
admin.php?s=/Admin/doedit in DamiCMS v6.0.0 allows CSRF to change the administrator account's password...
CVE-2018-16331
admin.php?s=/Admin/doedit in DamiCMS v6.0.0 allows CSRF to change the administrator account's password...
Cross site request forgery (csrf)
admin.php?s=/Admin/doedit in DamiCMS v6.0.0 allows CSRF to change the administrator account's password...
CVE-2018-16331
admin.php?s=/Admin/doedit in DamiCMS v6.0.0 allows CSRF to change the administrator account's password...
CVE-2018-16331
The CVE-2018-16331 entry concerns DamiCMS v6.0.0 where the admin.php?s=/Admin/doedit endpoint is vulnerable to CSRF, enabling an attacker to change the administrator password. The related connected records confirm: (1) affected software and version (DamiCMS 6.0.0), (2) the vulnerability type (CSR...
DamiCMS 6.0.0 - Cross-Site Request Forgery (Change Admin Password) Vulnerability
Exploit for php platform in category web applications 0day.today 2018-09-01...
DamiCMS Elevation of Privilege Vulnerability
DamiCMS is a content management system CMS for building websites quickly. A full-down elevation vulnerability exists in DamiCMS version 6.0.1, which stems from the program's reliance on the 'PHP time' function to generate cookies, and can be exploited to gain administrator privileges by making a...
DamiCMS Remote Code Execution Vulnerability
DamiCMS is a content management system CMS for building websites quickly. A remote code execution vulnerability exists in DamiCMS version 6.0.1, which can be exploited by a remote attacker to execute code by sending a multipart/form-data POST request containing PHP code to the...
DamiCMS 6.0.0 - Cross-Site Request Forgery (Change Admin Password)
DamiCMS 6.0.0 - Cross-Site Request Forgery Change Admin Password Exploit Title: DamiCMS 6.0.0 - Cross-Site Request Forgery Change Admin Password Author: AutismJH Date: 2018-08-30 Vendor Homepage: https://github.com/731276192/damicms Software Link: https://github.com/731276192/damicms Version: 6.0...
DamiCMS 6.0.0 Cross Site Request Forgery
Exploit Title: DamiCMS 6.0.0 - Cross-Site Request Forgery Change Admin Password Author: AutismJH Date: 2018-08-30 Vendor Homepage: https://github.com/731276192/damicms Software Link: https://github.com/731276192/damicms Version: 6.0.0 CVE: CVE-2018-15844 Description: DamiCMS v6.0.0 allows CSRF to...
DamiCMS 6.0.0 - Cross-Site Request Forgery (Change Admin Password)
Exploit Title: DamiCMS 6.0.0 - Cross-Site Request Forgery Change Admin Password Author: AutismJH Date: 2018-08-30 Vendor Homepage: https://github.com/731276192/damicms Software Link: https://github.com/731276192/damicms Version: 6.0.0 CVE: CVE-2018-15844 Description: DamiCMS v6.0.0 allows CSRF to...
Design/Logic Flaw
An issue was discovered in damiCMS V6.0.1. Remote code execution can occur via PHP code in a multipart/form-data POST to the admin.php?s=/Tpl/Update.html URI. For example, this can update the Web/Tpl/default/head.html file...
Directory traversal
An issue was discovered in damiCMS V6.0.1. There is Directory Traversal via '|' characters in the s parameter to admin.php, as demonstrated by an admin.php?s=Tpl/Add/id/c:|windows|win.ini URI...
CVE-2018-16238
An issue was discovered in damiCMS V6.0.1. Remote code execution can occur via PHP code in a multipart/form-data POST to the admin.php?s=/Tpl/Update.html URI. For example, this can update the Web/Tpl/default/head.html file...