Chadhaajay Phpkb
By the Year
In 2023 there have been 0 vulnerabilities in Chadhaajay Phpkb. Phpkb did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 119 | 4.84 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Phpkb vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Chadhaajay Phpkb Security Vulnerabilities
Path Traversal in admin/download.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10387
4.9 - Medium
- March 12, 2020
Path Traversal in admin/download.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to download files from the server using a dot-dot-slash sequence (../) via the GET parameter file.
Directory traversal
The way the Referer header in article.php is handled in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10388
5.4 - Medium
- March 12, 2020
The way the Referer header in article.php is handled in Chadha PHPKB Standard Multi-Language 9 allows attackers to execute Stored (Blind) XSS (injecting arbitrary web script or HTML) in admin/report-referrers.php (vulnerable file admin/include/functions-articles.php).
XSS
admin/save-settings.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10389
7.2 - High
- March 12, 2020
admin/save-settings.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by injecting PHP code into any POST parameter when saving global settings.
Code Injection
OS Command Injection in export.php (vulnerable function called from include/functions-article.php) in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10390
7.2 - High
- March 12, 2020
OS Command Injection in export.php (vulnerable function called from include/functions-article.php) in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by saving the code to be executed as the wkhtmltopdf path via admin/save-settings.php.
Shell injection
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10391
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-article.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10392
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-category.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10393
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-field.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10394
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-glossary.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10395
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-group.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10396
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-language.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10397
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-news.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10398
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-template.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10399
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-user.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10400
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/article-collaboration.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10401
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-article.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10402
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-category.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10403
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-comment.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10404
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-field.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10405
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-glossary.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10406
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-group.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10407
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-news.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10408
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-subscriber.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10409
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-template.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10410
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-user.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10411
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/email-harvester.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10412
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/import-csv.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10413
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/import-html.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10414
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/index-attachments.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10415
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/index.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10416
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/kb-backup.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10417
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-articles.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10418
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-attachments.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10419
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-categories.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10420
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-comments.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10421
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-departments.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10422
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-drafts.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10423
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-feedbacks.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10424
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-fields.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10425
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-glossary.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10426
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-groups.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10427
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-languages.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10428
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-news.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10429
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-settings.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10430
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-subscribers.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10431
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-templates.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10432
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-tickets.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10433
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-users.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10434
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-versions.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10435
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/my-languages.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10436
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/my-profile.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10437
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/optimize-database.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10438
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/reply-ticket.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10439
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-discussed.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10440
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-mailed.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10441
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-monthly.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10442
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-popular.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10443
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-printed.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10444
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-rated.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10445
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10446
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-category.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10447
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-failed-login.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10449
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-search.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10450
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-traffic.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10451
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-user.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10452
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/save-article.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10453
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/search-users.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10454
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/sitemap-generator.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10455
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/translate.php by adding a question mark (?) followed by the payload.
XSS
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10456
4.8 - Medium
- March 12, 2020
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/trash-box.php by adding a question mark (?) followed by the payload.
XSS
Path Traversal in admin/imagepaster/image-renaming.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10457
2.7 - Low
- March 12, 2020
Path Traversal in admin/imagepaster/image-renaming.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to rename any file on the webserver using a dot-dot-slash sequence (../) via the POST parameter imgName (for the new name) and imgUrl (for the current file to be renamed).
Directory traversal
Path Traversal in admin/imagepaster/operations.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10458
6.5 - Medium
- March 12, 2020
Path Traversal in admin/imagepaster/operations.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete any folder on the webserver using a dot-dot-slash sequence (../) via the GET parameter crdir, when the GET parameter action is set to df, causing a Denial of Service.
Directory traversal
Path Traversal in admin/assetmanager/assetmanager.php (vulnerable function saved in admin/assetmanager/functions.php) in Chadha PHPKB Standard Multi-Language 9 allows attackers to list the files
CVE-2020-10459
2.7 - Low
- March 12, 2020
Path Traversal in admin/assetmanager/assetmanager.php (vulnerable function saved in admin/assetmanager/functions.php) in Chadha PHPKB Standard Multi-Language 9 allows attackers to list the files that are stored on the webserver using a dot-dot-slash sequence (../) via the POST parameter inpCurrFolder.
Directory traversal
admin/include/operations.php (via admin/email-harvester.php) in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10460
4.9 - Medium
- March 12, 2020
admin/include/operations.php (via admin/email-harvester.php) in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject untrusted input inside CSV files via the POST parameter data.
CSV Injection
The way comments in article.php (vulnerable function in include/functions-article.php) are handled in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10461
6.1 - Medium
- March 12, 2020
The way comments in article.php (vulnerable function in include/functions-article.php) are handled in Chadha PHPKB Standard Multi-Language 9 allows attackers to execute Stored (Blind) XSS (injecting arbitrary web script or HTML) in admin/manage-comments.php, via the GET parameter cmt.
XSS
Reflected XSS in admin/edit-field.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10462
4.8 - Medium
- March 12, 2020
Reflected XSS in admin/edit-field.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p.
XSS
Reflected XSS in admin/edit-template.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10463
4.8 - Medium
- March 12, 2020
Reflected XSS in admin/edit-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p.
XSS
Reflected XSS in admin/edit-article.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10464
4.8 - Medium
- March 12, 2020
Reflected XSS in admin/edit-article.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p.
XSS
Reflected XSS in admin/edit-category.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10465
4.8 - Medium
- March 12, 2020
Reflected XSS in admin/edit-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p.
XSS
Reflected XSS in admin/edit-glossary.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10466
4.8 - Medium
- March 12, 2020
Reflected XSS in admin/edit-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p.
XSS
Reflected XSS in admin/edit-comment.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10467
4.8 - Medium
- March 12, 2020
Reflected XSS in admin/edit-comment.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p.
XSS
Reflected XSS in admin/edit-news.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10468
4.8 - Medium
- March 12, 2020
Reflected XSS in admin/edit-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p.
XSS
Reflected XSS in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10469
4.8 - Medium
- March 12, 2020
Reflected XSS in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.
XSS
Reflected XSS in admin/manage-fields.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10470
4.8 - Medium
- March 12, 2020
Reflected XSS in admin/manage-fields.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.
XSS
Reflected XSS in admin/manage-articles.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10471
4.8 - Medium
- March 12, 2020
Reflected XSS in admin/manage-articles.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.
XSS
Reflected XSS in admin/manage-templates.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10472
4.8 - Medium
- March 12, 2020
Reflected XSS in admin/manage-templates.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.
XSS
Reflected XSS in admin/manage-categories.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10473
4.8 - Medium
- March 12, 2020
Reflected XSS in admin/manage-categories.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.
XSS
Reflected XSS in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10474
4.8 - Medium
- March 12, 2020
Reflected XSS in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.
XSS
Reflected XSS in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10475
4.8 - Medium
- March 12, 2020
Reflected XSS in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.
XSS
CSRF in admin/manage-settings.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10478
8.8 - High
- March 12, 2020
CSRF in admin/manage-settings.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to change the global settings, potentially gaining code execution or causing a denial of service, via a crafted request.
Session Riding
CSRF in admin/add-news.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10479
4.3 - Medium
- March 12, 2020
CSRF in admin/add-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new news article via a crafted request.
Session Riding
CSRF in admin/add-category.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10480
4.3 - Medium
- March 12, 2020
CSRF in admin/add-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new category via a crafted request.
Session Riding
CSRF in admin/add-glossary.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10481
4.3 - Medium
- March 12, 2020
CSRF in admin/add-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new glossary term via a crafted request.
Session Riding
CSRF in admin/add-template.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10482
4.3 - Medium
- March 12, 2020
CSRF in admin/add-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new article template via a crafted request.
Session Riding
CSRF in admin/ajax-hub.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10483
4.3 - Medium
- March 12, 2020
CSRF in admin/ajax-hub.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to post a comment on any article via a crafted request.
Session Riding
CSRF in admin/add-field.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10484
4.3 - Medium
- March 12, 2020
CSRF in admin/add-field.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to create a custom field via a crafted request.
Session Riding
CSRF in admin/manage-articles.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10485
4.3 - Medium
- March 12, 2020
CSRF in admin/manage-articles.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete an article via a crafted request.
Session Riding
CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10486
4.3 - Medium
- March 12, 2020
CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a comment via a crafted request.
Session Riding
CSRF in admin/manage-glossary.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10487
4.3 - Medium
- March 12, 2020
CSRF in admin/manage-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a glossary term via a crafted request.
Session Riding
CSRF in admin/manage-news.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10488
4.3 - Medium
- March 12, 2020
CSRF in admin/manage-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a news article via a crafted request.
Session Riding
CSRF in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9
CVE-2020-10489
4.3 - Medium
- March 12, 2020
CSRF in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a ticket via a crafted request.
Session Riding
