Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
chadhaajay phpkb 9.0 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2020-11579
An issue exists in Chadha PHPKB 9.0 Enterprise Edition. installer/test-connection.php (part of the installation process) allows a remote unauthenticated malicious user to disclose local files on hosts running PHP prior to 7.2.16, or on hosts where the MySQL ALLOW LOCAL DATA INFIL...
Chadhaajay Phpkb 9.0
1 Github repository
4.9
CVSSv3
CVE-2020-10387
Path Traversal in admin/download.php in Chadha PHPKB Standard Multi-Language 9 allows remote malicious users to download files from the server using a dot-dot-slash sequence (../) via the GET parameter file.
Chadhaajay Phpkb 9.0
1 EDB exploit
5.4
CVSSv3
CVE-2020-10388
The way the Referer header in article.php is handled in Chadha PHPKB Standard Multi-Language 9 allows malicious users to execute Stored (Blind) XSS (injecting arbitrary web script or HTML) in admin/report-referrers.php (vulnerable file admin/include/functions-articles.php).
Chadhaajay Phpkb 9.0
7.2
CVSSv3
CVE-2020-10389
admin/save-settings.php in Chadha PHPKB Standard Multi-Language 9 allows remote malicious users to achieve Code Execution by injecting PHP code into any POST parameter when saving global settings.
Chadhaajay Phpkb 9.0
7.2
CVSSv3
CVE-2020-10390
OS Command Injection in export.php (vulnerable function called from include/functions-article.php) in Chadha PHPKB Standard Multi-Language 9 allows remote malicious users to achieve Code Execution by saving the code to be executed as the wkhtmltopdf path via admin/save-settings.p...
Chadhaajay Phpkb 9.0
4.8
CVSSv3
CVE-2020-10392
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-category.php by adding a question mark (?) followed by the payload.
Chadhaajay Phpkb 9.0
4.8
CVSSv3
CVE-2020-10394
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-glossary.php by adding a question mark (?) followed by the payload.
Chadhaajay Phpkb 9.0
4.8
CVSSv3
CVE-2020-10395
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-group.php by adding a question mark (?) followed by the payload.
Chadhaajay Phpkb 9.0
4.8
CVSSv3
CVE-2020-10396
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-language.php by adding a question mark (?) followed by the payload.
Chadhaajay Phpkb 9.0
4.8
CVSSv3
CVE-2020-10398
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-template.php by adding a question mark (?) followed by the payload.
Chadhaajay Phpkb 9.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3661
open redirect
CVE-2024-25512
CVE-2024-33788
command injection
SSTI
CVE-2024-0043
CVE-2024-29210
CVE-2024-25510
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »