
855 matches found

RedhatCVE
added 2025/05/22 4:5 p.m. · 5 views

CVE-2020-10434

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/manage-versions.php by adding a question mark ? followed by the payload...

CVSS 4.8 · AI score 6.1 · EPSS 0.00611
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 4:5 p.m. · 7 views

CVE-2020-10406

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/edit-group.php by adding a question mark ? followed by the payload...

CVSS 4.8 · AI score 6.1 · EPSS 0.00611
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 3:55 p.m. · 6 views

CVE-2020-10468

Reflected XSS in admin/edit-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p...

CVSS 4.8 · AI score 5.8 · EPSS 0.00611
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 3:55 p.m. · 9 views

CVE-2020-10486

CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a comment via a crafted request...

CVSS 4.3 · AI score 6.8 · EPSS 0.00475
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 3:52 p.m. · 6 views

CVE-2020-10460

admin/include/operations.php via admin/email-harvester.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject untrusted input inside CSV files via the POST parameter data...

CVSS 4.9 · AI score 6.9 · EPSS 0.01078
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 3:51 p.m. · 3 views

CVE-2020-10425

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/manage-glossary.php by adding a question mark ? followed by the payload...

CVSS 4.8 · AI score 6.1 · EPSS 0.00611
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 3:50 p.m. · 6 views

CVE-2020-10407

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/edit-news.php by adding a question mark ? followed by the payload...

CVSS 4.8 · AI score 6.1 · EPSS 0.00611
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 3:46 p.m. · 5 views

CVE-2020-10496

CSRF in admin/edit-article.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit an article, given the id, via a crafted request...

CVSS 4.3 · AI score 6.8 · EPSS 0.00485
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 3:41 p.m. · 8 views

CVE-2020-10495

CSRF in admin/edit-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit an article template, given the id, via a crafted request...

CVSS 4.3 · AI score 6.8 · EPSS 0.00475
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 3:32 p.m. · 5 views

CVE-2020-10411

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/email-harvester.php by adding a question mark ? followed by the payload...

CVSS 4.8 · AI score 6.1 · EPSS 0.00611
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 3:32 p.m. · 7 views

CVE-2020-10470

Reflected XSS in admin/manage-fields.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort...

CVSS 4.8 · AI score 5.8 · EPSS 0.00611
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 3:31 p.m. · 5 views

CVE-2020-10465

Reflected XSS in admin/edit-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p...

CVSS 4.8 · AI score 5.8 · EPSS 0.00611
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 3:10 p.m. · 3 views

CVE-2020-10501

CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a department, given the id, via a crafted request...

CVSS 6.5 · AI score 6.8 · EPSS 0.00562
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 3:10 p.m. · 5 views

CVE-2020-10388

The way the Referer header in article.php is handled in Chadha PHPKB Standard Multi-Language 9 allows attackers to execute Stored Blind XSS injecting arbitrary web script or HTML in admin/report-referrers.php vulnerable file admin/include/functions-articles.php...

CVSS 5.4 · AI score 6.1 · EPSS 0.00602
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 3:7 p.m. · 9 views

CVE-2020-10420

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/manage-comments.php by adding a question mark ? followed by the payload...

CVSS 4.8 · AI score 6.1 · EPSS 0.00611
Exploits: 1 · References: 1

NVD
added 2020/09/03 6:15 p.m. · 16 views

CVE-2020-11579

An issue was discovered in Chadha PHPKB 9.0 Enterprise Edition. installer/test-connection.php part of the installation process allows a remote unauthenticated attacker to disclose local files on hosts running PHP before 7.2.16, or on hosts where the MySQL ALLOW LOCAL DATA INFILE option is enabled...

CVSS 7.5 · AI score 7.5 · EPSS 0.26459
Exploits: 2 · References: 4

OSV
added 2020/09/03 6:15 p.m. · 28 views

CVE-2020-11579

An issue was discovered in Chadha PHPKB 9.0 Enterprise Edition. installer/test-connection.php part of the installation process allows a remote unauthenticated attacker to disclose local files on hosts running PHP before 7.2.16, or on hosts where the MySQL ALLOW LOCAL DATA INFILE option is enabled...

CVSS 7.5 · AI score 6.8 · EPSS 0.26459
Exploits: 2 · References: 4

CVE
added 2020/09/03 5:15 p.m. · 120 views

CVE-2020-11579

Summary: CVE-2020-11579 affects Chadha PHPKB 9.0 Enterprise Edition. The vulnerability is in installer/test-connection.php (installation flow) allowing an unauthenticated remote attacker to disclose local files on hosts running PHP < 7.2.16 or where MySQL ALLOW LOCAL DATA INFILE is enabled. Do...

CVSS 7.5 · AI score 7.4 · EPSS 0.26459
Exploits: 2 · References: 4 · Affected Software: 1

Cvelist
added 2020/09/03 5:15 p.m. · 21 views

CVE-2020-11579

An issue was discovered in Chadha PHPKB 9.0 Enterprise Edition. installer/test-connection.php part of the installation process allows a remote unauthenticated attacker to disclose local files on hosts running PHP before 7.2.16, or on hosts where the MySQL ALLOW LOCAL DATA INFILE option is enabled...

AI score 7.5 · EPSS 0.26459
Exploits: 2 · References: 4

Positive Technologies
added 2020/07/28 12:0 a.m. · 5 views

PT-2020-6128 · Php +2

Name of the Vulnerable Software and Affected Versions: Chadha PHPKB version 9.0 Enterprise Edition

Description: The issue is related to insufficient input validation in the Chadha PHPKB software. This allows a remote unauthenticated attacker to disclose local files on hosts running PHP versions...

CVSS 7.8 · AI score 7.2 · EPSS 0.26459
Exploits: 2 · References: 17