35 matches found
CVE-2020-10466
CVE-2020-10466 affects Chadha PHPKB Standard Multi-Language 9. It is a reflected XSS in admin/edit-glossary.php triggered via the GET parameter p, allowing injection of arbitrary script/HTML. No exploit details are provided in the documents. A related PTSecurity advisory (PT-2020-12136) suggests ...
CVE-2020-10460
admin/include/operations.php (via admin/email-harvester.php) in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject untrusted input inside CSV files via the POST parameter data...
CVE-2020-10453
CVE-2020-10453 affects Chadha PHPKB Standard Multi-Language 9. The issue is a Reflected XSS via how URIs are handled in admin/header.php, exploitable in pages like admin/search-users.php (and related admin pages per Red Hat advisories) by appending a question mark and payload to the URI. Root ca...
CVE-2020-10441
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-monthly.php by adding a question mark (?) followed by the payload...
CVE-2020-10439
The vulnerability CVE-2020-10439, described across Red Hat advisories, is a Reflected XSS flaw in Chadha PHPKB Standard Multi-Language 9. It arises from how URIs are handled in admin/header.php, enabling an attacker to inject arbitrary script/HTML when accessing specific admin pages. Concrete imp...
CVE-2020-10437
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/optimize-database.php by adding a question mark (?) followed by the payload...
CVE-2020-10400
CVE-2020-10400 involves a Reflected XSS in Chadha PHPKB Standard Multi-Language 9 caused by how URIs are processed in admin/header.php. The Red Hat advisories confirm the flaw can be triggered via the URI by adding a question mark and payload, with documented impact on multiple admin pages (e.g.,...
CVE-2020-10396
CVE-2020-10396 affects Chadha PHPKB Standard Multi-Language 9. Reflected XSS is possible via URIs processed by admin/header.php, demonstrated in admin/add-language.php when a leading ? is followed by a payload. Impact is reflected script/HTML execution; CVSS vectors indicate at least low to mediu...
CVE-2008-5088
Multiple SQL injection vulnerabilities in PHPKB Knowledge Base Software 1.5 Professional allow remote attackers to execute arbitrary SQL commands via the ID parameter to (1) email.php and (2) question.php, a different vector than CVE-2008-1909...
PHPKB 1.5 Professional - Multiple SQL Injections
PHPKB Knowledge Base Software v1.5 Professional email.php - SQL Injection Vulnerability http://www.knowledgebase-script.com Bug found by d3v1l Date: 20.09.2007...
SQL injection
SQL injection vulnerability in comment.php in PHP Knowledge Base PHPKB 1.5 and 2.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter...
CVE-2008-1909
SQL injection vulnerability in comment.php in PHP Knowledge Base PHPKB 1.5 and 2.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter...
CVE-2008-1909
CVE-2008-1909 is a SQL injection vulnerability in PHP Knowledge Base (PHPKB) 1.5 and 2.0, affecting the comment.php handler. The underlying issue is an injection via the ID parameter, enabling remote attackers to execute arbitrary SQL commands. Affected software is PHPKB Knowledge Base Software (...