119 matches found
CVE-2020-11579
Summary: CVE-2020-11579 affects Chadha PHPKB 9.0 Enterprise Edition. The vulnerability is in installer/test-connection.php (installation flow) allowing an unauthenticated remote attacker to disclose local files on hosts running PHP < 7.2.16 or where MySQL ALLOW LOCAL DATA INFILE is enabled. Do...
CVE-2020-10389
CVE-2020-10389 affects Chadha PHPKB Standard Multi-Language 9. The vulnerability exists in admin/save-settings.php and allows an attacker to achieve remote code execution by injecting PHP code into any POST parameter during saving of global settings. Public references in connected documents show ...
CVE-2020-10387
CVE-2020-10387 describes a path traversal vulnerability in Chadha PHPKB Standard Multi-Language 9, exposed via the admin/download.php endpoint. The flaw allows traversal of the server file system through the GET parameter “file” (using dot-dot-slash sequences), enabling arbitrary file download. P...
CVE-2020-10386
CVE-2020-10386 affects Chadha PHPKB Standard Multi-Language 9. A remote code execution is possible by uploading a PHP file via admin/imagepaster/image-upload.php to the admin/js/ directory. The root cause is unrestricted PHP file upload in that path, allowing an attacker to execute arbitrary code...
CVE-2020-10391
CVE-2020-10391 describes a reflected XSS in Chadha PHPKB Standard Multi-Language 9. The issue arises from how URIs are handled in admin/header.php, enabling an attacker to inject script/HTML into admin/add-article.php by appending a payload after a question mark. The connected Red Hat CVE entries...
CVE-2020-10449
CVE-2020-10449 is a reflected XSS in Chadha PHPKB Standard Multi-Language 9. The Red Hat advisories confirm the URI handling flaw in admin/header.php can trigger XSS by crafting a URI with a leading ? payload on specific admin pages (e.g., admin/report-search.php). The exact vulnerable endpoints ...
CVE-2020-10395
The CVE-2020-10395 issue affects Chadha PHPKB Standard Multi-Language 9 and is described as a Reflected Cross-Site Scripting (XSS) vulnerability. The Red Hat entries specify that URIs handled in admin/header.php can trigger XSS in various admin pages (e.g., admin/add-group.php, admin/add-article....
CVE-2020-10412
The connected Red Hat advisories corroborate CVE-2020-10412 affecting Chadha PHPKB Standard Multi-Language 9. The issue is a reflected XSS flaw in the URI handling in admin/header.php, enabling injection via the query string and affecting admin/import-csv.php (and related pages in the same produc...
CVE-2020-10416
Technical details for CVE-2020-10416 are not provided in the connected documents. Public specifics such as affected versions, components, or fixes are not available here; monitor for updates.
CVE-2020-10427
CVE-2020-10427 affects Chadha PHPKB Standard Multi-Language 9. The vulnerability arises from how URIs are parsed in admin/header.php, allowing Reflected XSS in admin/manage-languages.php by appending a question mark and payload to the URL. Red Hat CVE entries for this family (CVE-2020-10391, CVE-...
CVE-2020-10456
CVE-2020-10456 affects Chadha PHPKB Standard Multi-Language 9. The issue arises from how URIs are processed in admin/header.php, enabling a Reflected XSS via admin/trash-box.php (and related admin pages) by appending a ? payload to the URI. Red Hat CVEs RH:CVE-2020-10456 similarly describe the sa...
CVE-2020-10411
The CVE-2020-10411 issue affects Chadha PHPKB Standard Multi-Language 9. The root cause is improper handling of URIs in admin/header.php, enabling Reflected XSS by inserting a payload after a question mark in admin/indexed admin pages (e.g., admin/email-harvester.php per the Initial Description)....
CVE-2020-10402
CVE-2020-10402 corresponds to a Reflected XSS in Chadha PHPKB Standard Multi‑Language 9. Red Hat entries corroborate the issue affecting URIs handled in admin/header.php, enabling payloads when accessing admin/edit-category.php (and related admin pages for CVEs 10391/10456). The root cause is imp...
CVE-2020-10413
CVE-2020-10413 affects Chadha PHPKB Standard Multi-Language 9. The Red Hat advisories document the same root cause: URI handling in admin/header.php enables Reflected XSS by appending a question mark and payload, with affected admin pages including import-html.php (per CVE description) and relate...
CVE-2020-10422
Summary: CVE-2020-10422 affects Chadha PHPKB Standard Multi-Language 9. The issue lies in URI handling in admin/header.php, enabling a Reflected XSS vulnerability in admin/manage-drafts.php when a URL is crafted with a leading caret (?) followed by the payload. This can inject arbitrary script/HT...
CVE-2020-10426
CVE-2020-10426 concerns Chadha PHPKB Standard Multi-Language 9. The issue arises from how URIs are processed in admin/header.php, enabling Reflected XSS by appending a payload after a question mark to admin pages (as shown for manage-groups.php; related Red Hat entries also reference add-article....
CVE-2020-10428
CVE-2020-10428 affects Chadha PHPKB Standard Multi-Language 9. The issue is a Reflected XSS in URI handling via admin/header.php, enabling injection of arbitrary script/HTML on several admin pages when a payload is added after a question mark in the URI (e.g., admin/manage-news.php and related pa...
CVE-2020-10390
CVE-2020-10390 affects Chadha PHPKB Standard Multi-Language 9. The OS command injection exists in export.php (called from include/functions-article.php) allowing remote code execution by saving malicious code into the wkhtmltopdf path via admin/save-settings.php. This is documented across multipl...
CVE-2020-10420
CVE-2020-10420 affects Chadha PHPKB Standard Multi-Language 9. The issue is a Reflected XSS in the admin area: URIs parsed in admin/header.php allow injection when a question mark is appended before the payload, impacting admin/manage-comments.php. The Red Hat connected CVEs (CVE-2020-10391, CVE-...
CVE-2020-10424
CVE-2020-10424 affects Chadha PHPKB Standard Multi-Language 9, where URIs mishandling in admin/header.php enables reflected XSS in admin/manage-fields.php by appending a ? payload. Impact is reflected script/HTML injection; exploitation details not provided beyond this description. The cited metr...
CVE-2020-10392
CVE-2020-10392 affects Chadha PHPKB Standard Multi-Language 9. The vulnerability arises from how URIs are handled in admin/header.php, enabling Reflected XSS in pages such as admin/add-category.php when a payload is injected after a question mark in the URI. The Red Hat context confirms the same ...
CVE-2020-10429
CVE-2020-10429 affects Chadha PHPKB Standard Multi-Language 9. The vulnerability arises from how URIs are handled in admin/header.php, enabling Reflected XSS in admin/manage-settings.php when a payload is appended after a question mark. The description notes injection of arbitrary scripts/HTML vi...
CVE-2020-10473
CVE-2020-10473 : A reflected cross-site scripting vulnerability in Chadha PHPKB Standard Multi-Language 9 affects the admin/manage-categories.php page. The issue arises from the GET parameter sort , allowing an attacker to inject arbitrary script/HTML. Affected component: PHPKB Core (admin UI). I...
CVE-2020-10487
CVE-2020-10487 affects Chadha PHPKB Standard Multi-Language 9. A CSRF flaw in admin/manage-glossary.php enables deletion of glossary terms via crafted requests. Root cause: insufficient CSRF protections on the glossary management endpoint. Impact: creation of unintended term deletions without val...
CVE-2020-10393
CVE-2020-10393 affects Chadha PHPKB Standard Multi-Language 9. The vulnerability is a Reflected XSS caused by how URIs are processed in admin/header.php, exploitable via adding a ? payload to admin/add-field.php. No remediation details are provided in the connected documents.
CVE-2020-10405
CVE-2020-10405 affects Chadha PHPKB Standard Multi-Language 9; the issue is a Reflected XSS in admin/header.php that is exploitable via URIs when an attacker appends a question mark and payload to access admin/edit-glossary.php. The Red Hat advisories confirm the same vulnerability path affecting...
CVE-2020-10432
The CVE-2020-10432 entry applies to Chadha PHPKB Standard Multi-Language 9, where URI handling in admin/header.php enables a Reflected XSS in admin/manage-tickets.php when a leading question mark is followed by a payload. The Red Hat CVE records corroborate a similar issue affecting admin/header....
CVE-2020-10442
CVE-2020-10442 concerns Chadha PHPKB Standard Multi-Language 9. The issue arises from how URIs are processed in admin/header.php, enabling Reflected XSS in multiple admin pages (e.g., admin/report-article-popular.php; per Red Hat advisories, related entries show affected paths such as admin/add-a...
CVE-2020-10406
Chadha PHPKB Standard Multi-Language 9 contains a reflected XSS in the admin area: the way URIs are handled in admin/header.php enables injection when a payload is added after a ? in admin/edit-group.php. Connected Red Hat CVEs (CVE-2020-10391, CVE-2020-10456) describe similar URI-based XSS in ot...
CVE-2020-10430
The CVE-2020-10430 entry concerns Chadha PHPKB Standard Multi-Language 9. The Red Hat Red Hat CVEs map this vulnerability to UI URI handling in admin/header.php that enables Reflected XSS in subsequent admin pages (notably admin/manage-subscribers.php; other RH entries reference admin/add-article...
CVE-2020-10431
CVE-2020-10431 affects Chadha PHPKB Standard Multi-Language 9. URI handling in admin/header.php enables Reflected XSS by appending a ? payload to admin/manage-templates.php (and similar admin pages). Red Hat advisories confirm the same root cause across multiple admin endpoints (e.g., add-article...
CVE-2020-10433
The CVE pertains to Chadha PHPKB Standard Multi-Language 9. The issue arises from how URIs are handled in admin/header.php, enabling reflected XSS by appending a question mark and payload to the URL. Red Hat records link similar vectors affecting admin pages (e.g., add-article.php, trash-box.php)...
CVE-2020-10438
CVE-2020-10438 affects Chadha PHPKB Standard Multi-Language 9: the URI handling in admin/header.php enables Reflected XSS in admin/reply-ticket.php when a payload is injected after a '?'. The Red Hat CVEs confirm similar patterns for related endpoints (e.g., admin/add-article.php), but the provid...
CVE-2020-10443
The connected Red Hat advisories describe a Reflected XSS in Chadha PHPKB Standard Multi-Language 9 stemming from how URIs are parsed in admin/header.php, with exploitation via a payload after a ? and affecting pages like admin/add-article.php/trash-box.php. They do not provide exact CVE-2020-104...
CVE-2020-10457
Path Traversal in Chadha PHPKB Standard Multi-Language 9 (admin/imagepaster/image-renaming.php) allows attackers to rename any file on the webserver via POST imgName and imgUrl using ../../../’ style sequences. Affected component: image-renaming functionality; root cause: improper validation of p...
CVE-2020-10396
CVE-2020-10396 affects Chadha PHPKB Standard Multi-Language 9. Reflected XSS is possible via URIs processed by admin/header.php, demonstrated in admin/add-language.php when a leading ? is followed by a payload. Impact is reflected script/HTML execution; CVSS vectors indicate at least low to mediu...
CVE-2020-10404
CVE-2020-10404 describes a Reflected XSS in Chadha PHPKB Standard Multi-Language 9 caused by how URIs are handled in admin/header.php. The vulnerability allows injecting arbitrary web script/HTML via a payload appended after a ? in URIs and is relevant to the admin path, including admin/edit-fiel...
CVE-2020-10414
Concretely, CVE-2020-10414 is a Reflected XSS in Chadha PHPKB Standard Multi-Language 9 caused by improper URI handling in admin/header.php. The Red Hat advisories tie the issue to multiple admin pages (e.g., admin/index-attachments.php, admin/add-article.php, admin/trash-box.php) where injecting...
CVE-2020-10397
CVE-2020-10397 affects Chadha PHPKB Standard Multi-Language 9. The issue is a Reflected XSS in URI handling within admin/header.php, exploitable via admin/add-news.php by appending a question mark ? followed by payload. The Red Hat connected records corroborate a pattern of Reflected XSS in admin...
CVE-2020-10417
Vulnerability overview (CVE-2020-10417) : Red Hat and NVD documents describe a Reflected XSS in Chadha PHPKB Standard Multi-Language 9. The issue occurs in URI handling within admin/header.php and is triggered when an attacker crafts a URL (e.g., a query string after a ?) that is reflected into p...
CVE-2020-10421
CVE-2020-10421 concerns Chadha PHPKB Standard Multi-Language 9, where URIs are mishandled in admin/header.php, enabling a Reflected XSS in admin/manage-departments.php by appending a payload after a question mark. The description indicates the vulnerability arises from how the URI is processed, a...
CVE-2020-10423
CVE-2020-10423 is a reflected XSS in Chadha PHPKB Standard Multi-Language 9 caused by improper URI handling in admin/header.php, exploitable via URIs on admin pages such as admin/manage-feedbacks.php (and related pages listed in Red Hat advisories). The Red Hat records attribute the issue to URIs...
CVE-2020-10481
CVE-2020-10481 affects Chadha PHPKB Standard Multi-Language 9. The vulnerability is a CSRF weakness in the endpoint admin/add-glossary.php that allows an attacker to add a new glossary term via a crafted request. Documented CVSS v3.1 base score is 4.3 (Medium) with network attack vector, low atta...
CVE-2020-10400
CVE-2020-10400 involves a Reflected XSS in Chadha PHPKB Standard Multi-Language 9 caused by how URIs are processed in admin/header.php. The Red Hat advisories confirm the flaw can be triggered via the URI by adding a question mark and payload, with documented impact on multiple admin pages (e.g.,...
CVE-2020-10409
Summary: CVE-2020-10409 affects Chadha PHPKB Standard Multi-Language 9; URIs parsed in admin/header.php allow a Reflected XSS in admin/edit-template.php when a payload is injected after a question mark. Affected: Chadha PHPKB Standard Multi-Language 9 (admin area). Root cause (as stated): URI han...
CVE-2020-10415
CVE-2020-10415 concerns Chadha PHPKB Standard Multi-Language 9. The issue is a Reflected XSS in URIs processed by admin/header.php, enabling an attacker to inject arbitrary script/HTML via a crafted query string (e.g., a payload following a ?). Related Red Hat entries (CVE-2020-10391 and CVE-2020...
CVE-2020-10418
CVE-2020-10418 corresponds to a reflected XSS in Chadha PHPKB Standard Multi-Language 9. Red Hat entries for CVE-2020-10418 and related CVEs describe the flaw as URIs handled in admin/header.php enabling reflected XSS in admin/manage-attachments.php by appending a payload after a question mark. T...
CVE-2020-10425
The provided connected documents identify a Reflected XSS in Chadha PHPKB Standard Multi-Language 9, caused by how URIs are handled in admin/header.php. The vulnerability is triggered by crafting a URI with a leading question mark and a payload, affecting admin pages such as admin/manage-glossary...
CVE-2020-10434
CVE-2020-10434 concerns Chadha PHPKB Standard Multi-Language 9. The issue arises from how URIs are processed in admin/header.php, enabling a Reflected XSS by appending a question mark followed by payload to admin/manage-versions.php. Connected Red Hat CVEs (CVE-2020-10391 and CVE-2020-10456) desc...
CVE-2020-10439
The vulnerability CVE-2020-10439, described across Red Hat advisories, is a Reflected XSS flaw in Chadha PHPKB Standard Multi-Language 9. It arises from how URIs are handled in admin/header.php, enabling an attacker to inject arbitrary script/HTML when accessing specific admin pages. Concrete imp...