PT-2020-12104 · Chadha · Chadha Phpkb Standard Multi-Language
Name of the Vulnerable Software and Affected Versions: Chadha PHPKB Standard Multi-Language version 9
Description: The issue concerns the handling of URIs in admin/header.php, which allows for Reflected XSS in admin/manage-versions.php. This can be achieved by adding a question mark ? followed by...
PT-2020-12113 · Chadha · Chadha Phpkb Standard Multi-Language
Name of the Vulnerable Software and Affected Versions: Chadha PHPKB Standard Multi-Language version 9
Description: The issue concerns how URIs are handled in admin/header.php, allowing for Reflected XSS in admin/report-article-printed.php. This can be achieved by adding a question mark ? followed...
PT-2020-12079 · Chadha · Chadha Phpkb Standard Multi-Language
Name of the Vulnerable Software and Affected Versions: Chadha PHPKB Standard Multi-Language version 9
Description: The issue concerns the handling of URIs in admin/header.php, which allows for Reflected XSS attacks. This can be exploited by injecting arbitrary web script or HTML in...
PT-2020-12153 · Chadha · Chadha Phpkb Standard Multi-Language
Name of the Vulnerable Software and Affected Versions: Chadha PHPKB Standard Multi-Language version 9
Description: The issue allows attackers to post a comment on any article via a crafted request to the admin/ajax-hub.php endpoint. This is made possible by a CSRF weakness.
Recommendations: For...
PT-2020-12156 · Chadha · Chadha Phpkb Standard Multi-Language
Name of the Vulnerable Software and Affected Versions: Chadha PHPKB Standard Multi-Language version 9
Description: The issue allows attackers to delete a comment via a crafted request, specifically through a CSRF vulnerability in the admin/manage-comments.php file. This enables attackers to perfo...
PT-2020-12174 · Chadha · Phpkb Standard Multi-Language
Name of the Vulnerable Software and Affected Versions: Chadha PHPKB Standard Multi-Language version 9
Description: The issue allows attackers to edit a comment by providing the id via a crafted request to the 'admin/edit-comments.php' endpoint. This is possible due to a CSRF weakness...
PT-2020-12155 · Chadha · Chadha Phpkb Standard Multi-Language
Name of the Vulnerable Software and Affected Versions: Chadha PHPKB Standard Multi-Language version 9
Description: The issue allows attackers to delete an article via a crafted request to the "admin/manage-articles.php" endpoint. This is made possible by a CSRF weakness.
Recommendations: For Chad...
PT-2020-12125 · Chadha · Chadha Phpkb Standard Multi-Language
Name of the Vulnerable Software and Affected Versions: Chadha PHPKB Standard Multi-Language version 9
Description: The issue concerns the handling of URIs in admin/header.php, which allows for Reflected XSS in admin/translate.php. This can be achieved by adding a question mark ? followed by the...
PT-2020-12087 · Chadha · Chadha Phpkb Standard Multi-Language
Name of the Vulnerable Software and Affected Versions: Chadha PHPKB Standard Multi-Language version 9
Description: The issue concerns the handling of URIs in admin/header.php, which allows for Reflected XSS attacks. This can be exploited by injecting arbitrary web script or HTML in...
PT-2020-12057 · Chadha · Phpkb Standard Multi-Language
Name of the Vulnerable Software and Affected Versions: Chadha PHPKB Standard Multi-Language version 9
Description: The issue allows remote attackers to download files from the server using a dot-dot-slash sequence ../ via the file parameter in the "admin/download.php" endpoint.
Recommendations: F...
PT-2020-12060 · Wkhtmltopdf +1 · Wkhtmltopdf +1
Name of the Vulnerable Software and Affected Versions: Chadha PHPKB Standard Multi-Language version 9
Description: The issue allows remote attackers to achieve code execution by saving the code to be executed as the wkhtmltopdf path via the admin/save-settings.php endpoint. This is made possible...
PT-2020-12133 · Chadha · Chadha Phpkb Standard Multi-Language
Name of the Vulnerable Software and Affected Versions: Chadha PHPKB Standard Multi-Language version 9
Description: The issue allows attackers to inject arbitrary web script or HTML via the p parameter in the admin/edit-template.php file. This can be exploited by attackers to inject malicious code...
PT-2020-12163 · Chadha · Chadha Phpkb Standard Multi-Language
Name of the Vulnerable Software and Affected Versions: Chadha PHPKB Standard Multi-Language version 9
Description: The issue allows attackers to edit a glossary term using a crafted request, given the id. This is made possible by a CSRF vulnerability in the admin/edit-glossary.php file...
PT-2020-12160 · Chadha · Chadha Phpkb Standard Multi-Language
Name of the Vulnerable Software and Affected Versions: Chadha PHPKB Standard Multi-Language version 9
Description: The issue allows attackers to delete a department via a crafted request to the admin/manage-departments.php endpoint. This is made possible by a CSRF weakness.
Recommendations: For...
PT-2020-12147 · Chadha · Phpkb Standard Multi-Language
Name of the Vulnerable Software and Affected Versions: Chadha PHPKB Standard Multi-Language version 9
Description: The issue allows attackers to inject arbitrary web script or HTML via the sort parameter in the admin/manage-news.php file. This can lead to reflected XSS attacks.
Recommendations: F...
PT-2020-12171 · Chadha · Chadha Phpkb Standard Multi-Language
Name of the Vulnerable Software and Affected Versions: Chadha PHPKB Standard Multi-Language version 9
Description: The issue allows attackers to edit a department, given the id, via a crafted request to the "admin/manage-departments.php" endpoint. This is made possible by a CSRF weakness...
PT-2020-12149 · Chadha · Phpkb Standard Multi-Language
Name of the Vulnerable Software and Affected Versions: Chadha PHPKB Standard Multi-Language version 9
Description: The issue allows attackers to add a new news article via a crafted request to the /admin/add-news.php API endpoint, specifically exploiting the CSRF weakness.
Recommendations: For...
PT-2020-12173 · Chadha · Chadha Phpkb Standard Multi-Language
Name of the Vulnerable Software and Affected Versions: Chadha PHPKB Standard Multi-Language version 9
Description: The issue allows attackers to disapprove any comment by providing the id via a crafted request to the 'admin/manage-comments.php' endpoint.
Recommendations: For version 9, consider...
PT-2020-12145 · Chadha · Chadha Phpkb Standard Multi-Language
Name of the Vulnerable Software and Affected Versions: Chadha PHPKB Standard Multi-Language version 9
Description: The issue allows attackers to inject arbitrary web script or HTML via the sort GET parameter in the admin/manage-tickets.php file. This can lead to reflected XSS attacks...
PT-2020-12135 · Chadha · Chadha Phpkb Standard Multi-Language
Name of the Vulnerable Software and Affected Versions: Chadha PHPKB Standard Multi-Language version 9
Description: The issue allows attackers to inject arbitrary web script or HTML via the p parameter in the "admin/edit-category.php" page, potentially leading to reflected XSS attacks...