Show filters
119 Total Results
Displaying 81-90 of 119
Sort by:
Attacker Value
Unknown
CVE-2020-10499
Disclosure Date: March 12, 2020 (last updated February 21, 2025)
CSRF in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to close any ticket, given the id, via a crafted request.
0
Attacker Value
Unknown
CVE-2020-10478
Disclosure Date: March 12, 2020 (last updated February 21, 2025)
CSRF in admin/manage-settings.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to change the global settings, potentially gaining code execution or causing a denial of service, via a crafted request.
0
Attacker Value
Unknown
CVE-2020-10484
Disclosure Date: March 12, 2020 (last updated February 21, 2025)
CSRF in admin/add-field.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to create a custom field via a crafted request.
0
Attacker Value
Unknown
CVE-2020-10501
Disclosure Date: March 12, 2020 (last updated February 21, 2025)
CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a department, given the id, via a crafted request.
0
Attacker Value
Unknown
CVE-2020-10459
Disclosure Date: March 12, 2020 (last updated February 21, 2025)
Path Traversal in admin/assetmanager/assetmanager.php (vulnerable function saved in admin/assetmanager/functions.php) in Chadha PHPKB Standard Multi-Language 9 allows attackers to list the files that are stored on the webserver using a dot-dot-slash sequence (../) via the POST parameter inpCurrFolder.
0
Attacker Value
Unknown
CVE-2020-10403
Disclosure Date: March 12, 2020 (last updated February 21, 2025)
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-comment.php by adding a question mark (?) followed by the payload.
0
Attacker Value
Unknown
CVE-2020-10410
Disclosure Date: March 12, 2020 (last updated February 21, 2025)
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-user.php by adding a question mark (?) followed by the payload.
0
Attacker Value
Unknown
CVE-2020-10405
Disclosure Date: March 12, 2020 (last updated February 21, 2025)
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-glossary.php by adding a question mark (?) followed by the payload.
0
Attacker Value
Unknown
CVE-2020-10503
Disclosure Date: March 12, 2020 (last updated February 21, 2025)
CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to disapprove any comment, given the id, via a crafted request.
0
Attacker Value
Unknown
CVE-2020-10457
Disclosure Date: March 12, 2020 (last updated February 21, 2025)
Path Traversal in admin/imagepaster/image-renaming.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to rename any file on the webserver using a dot-dot-slash sequence (../) via the POST parameter imgName (for the new name) and imgUrl (for the current file to be renamed).
0
