CVEdetails.com the ultimate security vulnerability data source

Chadhaajay » Phpkb » 9.0 * * * : Security Vulnerabilities

CPE Name: cpe:2.3:a:chadhaajay:phpkb:9.0:*:*:*:*:*:*:*
# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 | CVE-2020-10504 | 352 |  | CSRF | 2020-03-12 | 2020-03-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
CSRF in admin/edit-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a comment, given the id, via a crafted request.
2 | CVE-2020-10503 | 352 |  | CSRF | 2020-03-12 | 2020-03-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to disapprove any comment, given the id, via a crafted request.
3 | CVE-2020-10502 | 352 |  | CSRF | 2020-03-12 | 2020-03-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to approve any comment, given the id, via a crafted request.
4 | CVE-2020-10501 | 352 |  | CSRF | 2020-03-12 | 2020-03-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a department, given the id, via a crafted request.
5 | CVE-2020-10500 | 352 |  | CSRF | 2020-03-12 | 2020-03-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
CSRF in admin/reply-ticket.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to reply to any ticket, given the id, via a crafted request.
6 | CVE-2020-10499 | 352 |  | CSRF | 2020-03-12 | 2020-03-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
CSRF in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to close any ticket, given the id, via a crafted request.
7 | CVE-2020-10498 | 352 |  | CSRF | 2020-03-12 | 2020-03-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
CSRF in admin/edit-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a category, given the id, via a crafted request.
8 | CVE-2020-10497 | 352 |  | CSRF | 2020-03-12 | 2020-03-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
CSRF in admin/manage-categories.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a category via a crafted request.
9 | CVE-2020-10496 | 352 |  | CSRF | 2020-03-12 | 2020-03-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
CSRF in admin/edit-article.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit an article, given the id, via a crafted request.
10 | CVE-2020-10495 | 352 |  | CSRF | 2020-03-12 | 2020-03-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
CSRF in admin/edit-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit an article template, given the id, via a crafted request.
11 | CVE-2020-10494 | 352 |  | CSRF | 2020-03-12 | 2020-03-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
CSRF in admin/edit-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a news article, given the id, via a crafted request.
12 | CVE-2020-10493 | 352 |  | CSRF | 2020-03-12 | 2020-03-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
CSRF in admin/edit-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a glossary term, given the id, via a crafted request.
13 | CVE-2020-10492 | 352 |  | CSRF | 2020-03-12 | 2020-03-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
CSRF in admin/manage-templates.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete an article template via a crafted request.
14 | CVE-2020-10491 | 352 |  | CSRF | 2020-03-12 | 2020-03-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a department via a crafted request.
15 | CVE-2020-10490 | 352 |  | CSRF | 2020-03-12 | 2020-03-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a department via a crafted request.
16 | CVE-2020-10489 | 352 |  | CSRF | 2020-03-12 | 2020-03-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
CSRF in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a ticket via a crafted request.
17 | CVE-2020-10488 | 352 |  | CSRF | 2020-03-12 | 2020-03-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
CSRF in admin/manage-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a news article via a crafted request.
18 | CVE-2020-10487 | 352 |  | CSRF | 2020-03-12 | 2020-03-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
CSRF in admin/manage-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a glossary term via a crafted request.
19 | CVE-2020-10486 | 352 |  | CSRF | 2020-03-12 | 2020-03-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a comment via a crafted request.
20 | CVE-2020-10485 | 352 |  | CSRF | 2020-03-12 | 2020-03-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
CSRF in admin/manage-articles.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete an article via a crafted request.
21 | CVE-2020-10484 | 352 |  | CSRF | 2020-03-12 | 2020-03-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
CSRF in admin/add-field.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to create a custom field via a crafted request.
22 | CVE-2020-10483 | 352 |  | CSRF | 2020-03-12 | 2020-03-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
CSRF in admin/ajax-hub.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to post a comment on any article via a crafted request.
23 | CVE-2020-10482 | 352 |  | CSRF | 2020-03-12 | 2020-03-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
CSRF in admin/add-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new article template via a crafted request.
24 | CVE-2020-10481 | 352 |  | CSRF | 2020-03-12 | 2020-03-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
CSRF in admin/add-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new glossary term via a crafted request.
25 | CVE-2020-10480 | 352 |  | CSRF | 2020-03-12 | 2020-03-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
CSRF in admin/add-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new category via a crafted request.
26 | CVE-2020-10479 | 352 |  | CSRF | 2020-03-12 | 2020-03-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
CSRF in admin/add-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new news article via a crafted request.
27 | CVE-2020-10478 | 352 |  | DoS Exec Code CSRF | 2020-03-12 | 2020-03-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
CSRF in admin/manage-settings.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to change the global settings, potentially gaining code execution or causing a denial of service, via a crafted request.
28 | CVE-2020-10475 | 79 |  | XSS | 2020-03-12 | 2020-03-26 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
Reflected XSS in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.
29 | CVE-2020-10474 | 79 |  | XSS | 2020-03-12 | 2020-03-26 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
Reflected XSS in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.
30 | CVE-2020-10473 | 79 |  | XSS | 2020-03-12 | 2020-03-26 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
Reflected XSS in admin/manage-categories.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.
31 | CVE-2020-10472 | 79 |  | XSS | 2020-03-12 | 2020-03-26 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
Reflected XSS in admin/manage-templates.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.
32 | CVE-2020-10470 | 79 |  | XSS | 2020-03-12 | 2020-03-26 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
Reflected XSS in admin/manage-fields.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.
33 | CVE-2020-10469 | 79 |  | XSS | 2020-03-12 | 2020-03-26 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
Reflected XSS in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.
34 | CVE-2020-10468 | 79 |  | XSS | 2020-03-12 | 2020-03-26 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
Reflected XSS in admin/edit-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p.
35 | CVE-2020-10467 | 79 |  | XSS | 2020-03-12 | 2020-03-26 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
Reflected XSS in admin/edit-comment.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p.
36 | CVE-2020-10466 | 79 |  | XSS | 2020-03-12 | 2020-03-26 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
Reflected XSS in admin/edit-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p.
37 | CVE-2020-10465 | 79 |  | XSS | 2020-03-12 | 2020-03-26 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
Reflected XSS in admin/edit-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p.
38 | CVE-2020-10464 | 79 |  | XSS | 2020-03-12 | 2020-03-26 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
Reflected XSS in admin/edit-article.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p.
39 | CVE-2020-10463 | 79 |  | XSS | 2020-03-12 | 2020-03-26 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
Reflected XSS in admin/edit-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p.
40 | CVE-2020-10462 | 79 |  | XSS | 2020-03-12 | 2020-03-26 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
Reflected XSS in admin/edit-field.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p.
41 | CVE-2020-10461 | 79 |  | XSS | 2020-03-12 | 2020-03-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
The way comments in article.php (vulnerable function in include/functions-article.php) are handled in Chadha PHPKB Standard Multi-Language 9 allows attackers to execute Stored (Blind) XSS (injecting arbitrary web script or HTML) in admin/manage-comments.php, via the GET parameter cmt.
42 | CVE-2020-10460 | 1236 |  |  | 2020-03-12 | 2022-04-18 | 4.0 | None | Remote | Low | ??? | None | Partial | None
admin/include/operations.php (via admin/email-harvester.php) in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject untrusted input inside CSV files via the POST parameter data.
43 | CVE-2020-10459 | 22 |  | Dir. Trav. | 2020-03-12 | 2020-03-26 | 4.0 | None | Remote | Low | ??? | Partial | None | None
Path Traversal in admin/assetmanager/assetmanager.php (vulnerable function saved in admin/assetmanager/functions.php) in Chadha PHPKB Standard Multi-Language 9 allows attackers to list the files that are stored on the webserver using a dot-dot-slash sequence (../) via the POST parameter inpCurrFolder.
44 | CVE-2020-10458 | 22 |  | DoS Dir. Trav. | 2020-03-12 | 2020-03-26 | 5.5 | None | Remote | Low | ??? | None | Partial | Partial
Path Traversal in admin/imagepaster/operations.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete any folder on the webserver using a dot-dot-slash sequence (../) via the GET parameter crdir, when the GET parameter action is set to df, causing a Denial of Service.
45 | CVE-2020-10457 | 22 |  | Dir. Trav. | 2020-03-12 | 2020-03-26 | 4.0 | None | Remote | Low | ??? | None | Partial | None
Path Traversal in admin/imagepaster/image-renaming.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to rename any file on the webserver using a dot-dot-slash sequence (../) via the POST parameter imgName (for the new name) and imgUrl (for the current file to be renamed).
46 | CVE-2020-10456 | 79 |  | XSS | 2020-03-12 | 2020-03-26 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/trash-box.php by adding a question mark (?) followed by the payload.
47 | CVE-2020-10455 | 79 |  | XSS | 2020-03-12 | 2020-03-26 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/translate.php by adding a question mark (?) followed by the payload.
48 | CVE-2020-10454 | 79 |  | XSS | 2020-03-12 | 2020-03-26 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/sitemap-generator.php by adding a question mark (?) followed by the payload.
49 | CVE-2020-10453 | 79 |  | XSS | 2020-03-12 | 2020-03-26 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/search-users.php by adding a question mark (?) followed by the payload.
50 | CVE-2020-10452 | 79 |  | XSS | 2020-03-12 | 2020-03-26 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/save-article.php by adding a question mark (?) followed by the payload.
Total number of vulnerabilities: 115 (this is page 1 of 3)