Show filters
5 Total Results
Displaying 1-5 of 5
Sort by:
Attacker Value
Unknown

CVE-2020-21236

Disclosure Date: December 27, 2021 (last updated February 23, 2025)
A vulnerability in /damicms-master/admin.php?s=/Article/doedit of DamiCMS v6.0 allows attackers to compromise and impersonate user accounts via obtaining a user's session cookie.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2018-14831

Disclosure Date: July 10, 2019 (last updated November 27, 2024)
An arbitrary file read vulnerability in DamiCMS v6.0.0 allows remote authenticated administrators to read any files in the server via a crafted /admin.php?s=Tpl/Add/id/ URI.
0
0
Attacker Value
Unknown

CVE-2018-16331

Disclosure Date: September 02, 2018 (last updated November 27, 2024)
admin.php?s=/Admin/doedit in DamiCMS v6.0.0 allows CSRF to change the administrator account's password.
0
0
Attacker Value
Unknown

CVE-2018-15844

Disclosure Date: August 25, 2018 (last updated November 27, 2024)
An issue was discovered in DamiCMS 6.0.0. There is an CSRF vulnerability that can revise the administrator account's password via /admin.php?s=/Admin/doedit.
0
0
Attacker Value
Unknown

CVE-2018-13031

Disclosure Date: July 05, 2018 (last updated November 27, 2024)
DamiCMS v6.0.0 aand 6.1.0 allows CSRF via admin.php?s=/Admin/doadd to add an administrator account.
0
0