Lucene search
K

99 matches found

CNVD
CNVD
added 2018/12/29 12:0 a.m.2 views

DamiCMS Arbitrary File Read Vulnerability

DamiCMS is a content management system CMS for building websites quickly. A security vulnerability exists in DamiCMS version 6.0.1. A remote attacker can exploit the vulnerability by sending a specially crafted request admin.php?s=Tpl/Add/id to read arbitrary files...

7.5CVSS6.9AI score0.01368EPSS
Exploits0References1
NVD
NVD
added 2018/12/28 4:29 p.m.22 views

CVE-2018-20571

DamiCMS 6.0.1 allows remote attackers to read arbitrary files via a crafted admin.php?s=Tpl/Add/id request, as demonstrated by admin.php?s=Tpl/Add/id/.\Public\Config\config.ini.php to read the global configuration file...

7.5CVSS7.4AI score0.01368EPSS
Exploits0References1
Prion
Prion
added 2018/12/28 4:29 p.m.13 views

Default configuration

DamiCMS 6.0.1 allows remote attackers to read arbitrary files via a crafted admin.php?s=Tpl/Add/id request, as demonstrated by admin.php?s=Tpl/Add/id/.\Public\Config\config.ini.php to read the global configuration file...

5CVSS7.4AI score0.01368EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/12/28 4:0 p.m.18 views

CVE-2018-20571

DamiCMS 6.0.1 allows remote attackers to read arbitrary files via a crafted admin.php?s=Tpl/Add/id request, as demonstrated by admin.php?s=Tpl/Add/id/.\Public\Config\config.ini.php to read the global configuration file...

7.4AI score0.01368EPSS
Exploits0References1
CVE
CVE
added 2018/12/28 4:0 p.m.42 views

CVE-2018-20571

CVE-2018-20571 affects DamiCMS 6.0.1. An attacker can remotely read arbitrary files by sending a crafted request to admin.php?s=Tpl/Add/id, demonstrated by reading the global configuration file at .\Public\Config\config.ini.php. The underlying issue is an arbitrary file read path handling in the ...

7.5CVSS7.3AI score0.01368EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2018/09/04 12:0 a.m.5 views

DamiCMS Cross-Site Request Forgery Vulnerability (CNVD-2018-19082)

DamiCMS is a content management system CMS for building websites quickly. A cross-site request forgery vulnerability exists in the admin.php?s=/Admin/doedit URL in DamiCMS version 6.0.0, which can be exploited by a remote attacker to change the password of an administrator account...

8.8CVSS9AI score0.00523EPSS
Exploits1References1
OSV
OSV
added 2018/09/02 3:29 a.m.6 views

CVE-2018-16331

admin.php?s=/Admin/doedit in DamiCMS v6.0.0 allows CSRF to change the administrator account's password...

8.8CVSS5.8AI score0.00523EPSS
Exploits1References1
NVD
NVD
added 2018/09/02 3:29 a.m.19 views

CVE-2018-16331

admin.php?s=/Admin/doedit in DamiCMS v6.0.0 allows CSRF to change the administrator account's password...

8.8CVSS8.7AI score0.00523EPSS
Exploits1References1
Prion
Prion
added 2018/09/02 3:29 a.m.21 views

Cross site request forgery (csrf)

admin.php?s=/Admin/doedit in DamiCMS v6.0.0 allows CSRF to change the administrator account's password...

6.8CVSS8.6AI score0.00523EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2018/09/02 3:0 a.m.24 views

CVE-2018-16331

admin.php?s=/Admin/doedit in DamiCMS v6.0.0 allows CSRF to change the administrator account's password...

8.7AI score0.00523EPSS
Exploits1References1
CVE
CVE
added 2018/09/02 3:0 a.m.47 views

CVE-2018-16331

The CVE-2018-16331 entry concerns DamiCMS v6.0.0 where the admin.php?s=/Admin/doedit endpoint is vulnerable to CSRF, enabling an attacker to change the administrator password. The related connected records confirm: (1) affected software and version (DamiCMS 6.0.0), (2) the vulnerability type (CSR...

8.8CVSS8.5AI score0.00523EPSS
Exploits1References1Affected Software1
0day.today
0day.today
added 2018/09/01 12:0 a.m.37 views

DamiCMS 6.0.0 - Cross-Site Request Forgery (Change Admin Password) Vulnerability

Exploit for php platform in category web applications 0day.today 2018-09-01...

2AI score
Exploits0
CNVD
CNVD
added 2018/08/31 12:0 a.m.3 views

DamiCMS Elevation of Privilege Vulnerability

DamiCMS is a content management system CMS for building websites quickly. A full-down elevation vulnerability exists in DamiCMS version 6.0.1, which stems from the program's reliance on the 'PHP time' function to generate cookies, and can be exploited to gain administrator privileges by making a...

9.8CVSS9.6AI score0.01228EPSS
Exploits1References1
CNVD
CNVD
added 2018/08/31 12:0 a.m.3 views

DamiCMS Remote Code Execution Vulnerability

DamiCMS is a content management system CMS for building websites quickly. A remote code execution vulnerability exists in DamiCMS version 6.0.1, which can be exploited by a remote attacker to execute code by sending a multipart/form-data POST request containing PHP code to the...

7.2CVSS7.7AI score0.02155EPSS
Exploits1References1
exploitpack
exploitpack
added 2018/08/31 12:0 a.m.25 views

DamiCMS 6.0.0 - Cross-Site Request Forgery (Change Admin Password)

DamiCMS 6.0.0 - Cross-Site Request Forgery Change Admin Password Exploit Title: DamiCMS 6.0.0 - Cross-Site Request Forgery Change Admin Password Author: AutismJH Date: 2018-08-30 Vendor Homepage: https://github.com/731276192/damicms Software Link: https://github.com/731276192/damicms Version: 6.0...

6.8CVSS0.9AI score0.02467EPSS
Exploits3
Packet Storm
Packet Storm
added 2018/08/31 12:0 a.m.41 views

DamiCMS 6.0.0 Cross Site Request Forgery

Exploit Title: DamiCMS 6.0.0 - Cross-Site Request Forgery Change Admin Password Author: AutismJH Date: 2018-08-30 Vendor Homepage: https://github.com/731276192/damicms Software Link: https://github.com/731276192/damicms Version: 6.0.0 CVE: CVE-2018-15844 Description: DamiCMS v6.0.0 allows CSRF to...

0.6AI score0.02467EPSS
Exploits3
Exploit DB
Exploit DB
added 2018/08/31 12:0 a.m.30 views

DamiCMS 6.0.0 - Cross-Site Request Forgery (Change Admin Password)

Exploit Title: DamiCMS 6.0.0 - Cross-Site Request Forgery Change Admin Password Author: AutismJH Date: 2018-08-30 Vendor Homepage: https://github.com/731276192/damicms Software Link: https://github.com/731276192/damicms Version: 6.0.0 CVE: CVE-2018-15844 Description: DamiCMS v6.0.0 allows CSRF to...

8.8CVSS9AI score0.02467EPSS
Exploits3
Prion
Prion
added 2018/08/30 10:29 p.m.19 views

Design/Logic Flaw

An issue was discovered in damiCMS V6.0.1. Remote code execution can occur via PHP code in a multipart/form-data POST to the admin.php?s=/Tpl/Update.html URI. For example, this can update the Web/Tpl/default/head.html file...

6.5CVSS7.3AI score0.02155EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2018/08/30 10:29 p.m.20 views

Directory traversal

An issue was discovered in damiCMS V6.0.1. There is Directory Traversal via '|' characters in the s parameter to admin.php, as demonstrated by an admin.php?s=Tpl/Add/id/c:|windows|win.ini URI...

4CVSS4.1AI score0.01184EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2018/08/30 10:29 p.m.2 views

CVE-2018-16238

An issue was discovered in damiCMS V6.0.1. Remote code execution can occur via PHP code in a multipart/form-data POST to the admin.php?s=/Tpl/Update.html URI. For example, this can update the Web/Tpl/default/head.html file...

7.2CVSS6.2AI score0.02155EPSS
Exploits1References1
Rows per page
Query Builder