Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
phpkb vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2020-11579
An issue exists in Chadha PHPKB 9.0 Enterprise Edition. installer/test-connection.php (part of the installation process) allows a remote unauthenticated malicious user to disclose local files on hosts running PHP prior to 7.2.16, or on hosts where the MySQL ALLOW LOCAL DATA INFIL...
Chadhaajay Phpkb 9.0
1 Github repository
7.2
CVSSv3
CVE-2020-10390
OS Command Injection in export.php (vulnerable function called from include/functions-article.php) in Chadha PHPKB Standard Multi-Language 9 allows remote malicious users to achieve Code Execution by saving the code to be executed as the wkhtmltopdf path via admin/save-settings.p...
Chadhaajay Phpkb 9.0
4.8
CVSSv3
CVE-2020-10394
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-glossary.php by adding a question mark (?) followed by the payload.
Chadhaajay Phpkb 9.0
4.8
CVSSv3
CVE-2020-10410
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-user.php by adding a question mark (?) followed by the payload.
Chadhaajay Phpkb 9.0
4.8
CVSSv3
CVE-2020-10411
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/email-harvester.php by adding a question mark (?) followed by the payload.
Chadhaajay Phpkb 9.0
4.8
CVSSv3
CVE-2020-10421
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-departments.php by adding a question mark (?) followed by the payload.
Chadhaajay Phpkb 9.0
4.3
CVSSv3
CVE-2020-10502
CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows malicious users to approve any comment, given the id, via a crafted request.
Chadhaajay Phpkb 9.0
6.1
CVSSv3
CVE-2020-10461
The way comments in article.php (vulnerable function in include/functions-article.php) are handled in Chadha PHPKB Standard Multi-Language 9 allows malicious users to execute Stored (Blind) XSS (injecting arbitrary web script or HTML) in admin/manage-comments.php, via the GET par...
Chadhaajay Phpkb 9.0
4.3
CVSSv3
CVE-2020-10504
CSRF in admin/edit-comments.php in Chadha PHPKB Standard Multi-Language 9 allows malicious users to edit a comment, given the id, via a crafted request.
Chadhaajay Phpkb 9.0
5.4
CVSSv3
CVE-2020-10388
The way the Referer header in article.php is handled in Chadha PHPKB Standard Multi-Language 9 allows malicious users to execute Stored (Blind) XSS (injecting arbitrary web script or HTML) in admin/report-referrers.php (vulnerable file admin/include/functions-articles.php).
Chadhaajay Phpkb 9.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-17519
open redirect
CVE-2024-21683
cache poisoning
CVE-2021-47524
CVE-2021-47521
CVE-2024-5229
CVE-2021-47560
local
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »