855 matches found
Cross site request forgery (csrf)
CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to approve any comment, given the id, via a crafted request...
Cross site scripting
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/add-field.php by adding a question mark ? followed by the payload...
Cross site request forgery (csrf)
CSRF in admin/manage-categories.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a category via a crafted request...
Cross site scripting
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/my-languages.php by adding a question mark ? followed by the payload...
Cross site scripting
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/index.php by adding a question mark ? followed by the payload...
Cross site scripting
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/email-harvester.php by adding a question mark ? followed by the payload...
Cross site request forgery (csrf)
CSRF in admin/ajax-hub.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to post a comment on any article via a crafted request...
Cross site scripting
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/add-news.php by adding a question mark ? followed by the payload...
Cross site scripting
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/edit-user.php by adding a question mark ? followed by the payload...
Cross site scripting
Reflected XSS in admin/manage-templates.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort...
Cross site scripting
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/manage-departments.php by adding a question mark ? followed by the payload...
CVE-2020-10386
admin/imagepaster/image-upload.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by uploading a .php file in the admin/js/ directory...
Directory traversal
admin/imagepaster/image-upload.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by uploading a .php file in the admin/js/ directory...
CVE-2020-10504
CSRF in admin/edit-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a comment, given the id, via a crafted request...
CVE-2020-10504
CVE-2020-10504 affects Chadha PHPKB Standard Multi-Language 9, where a CSRF flaw in admin/edit-comments.php enables an attacker to edit a comment by supplying an id via a crafted request. The vulnerability stems from insufficient CSRF protection in the affected endpoint, allowing unauthorized sta...
CVE-2020-10503
The CVE-2020-10503 issue affects Chadha PHPKB Standard Multi-Language version 9, where a CSRF flaw in admin/manage-comments.php lets an attacker disapprove any comment by supplying an id in a crafted request. The vulnerability stems from insufficient request validation/verification of authorized ...
CVE-2020-10502
CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to approve any comment, given the id, via a crafted request...
CVE-2020-10502
The CVE-2020-10502 issue affects Chadha PHPKB Standard Multi-Language 9. The vulnerable component is admin/manage-comments.php where CSRF allows an attacker to approve any comment by crafting a request with the comment id. Root cause is CSRF protection missing for the approval action, enabling un...
CVE-2020-10501
CVE-2020-10501 concerns Chadha PHPKB Standard Multi-Language 9 where a CSRF weakness in the admin/manage-departments.php endpoint allows an attacker to edit a department when a crafted request is issued. The root cause is inadequate CSRF protections on the request that performs department edits (...
CVE-2020-10500
The CVE-2020-10500 issue affects Chadha PHPKB Standard Multi-Language v9, where a CSRF weakness in the admin/reply-ticket.php endpoint lets an attacker cause a reply to a ticket by crafting a request. The PS/RH Red Hat entry confirms the CSRF nature. The vulnerability stems from insufficient vali...