» 2020 » 3월

CVE-2020-10460

Posted on 2020년 3월 12일2020년 3월 13일 by admin

CVE-2020-10460

admin/include/operations.php (via admin/email-harvester.php) in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject untrusted input inside CSV files via the POST parameter data.

Source: CVE-2020-10460

CVE-2020-10457

Posted on 2020년 3월 12일2020년 3월 13일 by admin

CVE-2020-10457

Path Traversal in admin/imagepaster/image-renaming.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to rename any file on the webserver using a dot-dot-slash sequence (../) via the POST parameter imgName (for the new name) and imgUrl (for the current file to be renamed).

Source: CVE-2020-10457

CVE-2020-10459

Posted on 2020년 3월 12일2020년 3월 13일 by admin

CVE-2020-10459

Path Traversal in admin/assetmanager/assetmanager.php (vulnerable function saved in admin/assetmanager/functions.php) in Chadha PHPKB Standard Multi-Language 9 allows attackers to list the files that are stored on the webserver using a dot-dot-slash sequence (../) via the POST parameter inpCurrFolder.

Source: CVE-2020-10459

CVE-2020-10456

Posted on 2020년 3월 12일2020년 3월 13일 by admin

CVE-2020-10456

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/trash-box.php by adding a question mark (?) followed by the payload.

Source: CVE-2020-10456

CVE-2020-10458

Posted on 2020년 3월 12일2020년 3월 13일 by admin

CVE-2020-10458

Path Traversal in admin/imagepaster/operations.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete any folder on the webserver using a dot-dot-slash sequence (../) via the GET parameter crdir, when the GET parameter action is set to df, causing a Denial of Service.

Source: CVE-2020-10458

CVE-2020-10455

Posted on 2020년 3월 12일2020년 3월 13일 by admin

CVE-2020-10455

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/translate.php by adding a question mark (?) followed by the payload.

Source: CVE-2020-10455

CVE-2020-10444

Posted on 2020년 3월 12일2020년 3월 13일 by admin

CVE-2020-10444

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-rated.php by adding a question mark (?) followed by the payload.

Source: CVE-2020-10444

CVE-2020-10453

Posted on 2020년 3월 12일2020년 3월 13일 by admin

CVE-2020-10453

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/search-users.php by adding a question mark (?) followed by the payload.

Source: CVE-2020-10453

CVE-2020-10446

Posted on 2020년 3월 12일2020년 3월 13일 by admin

CVE-2020-10446

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-category.php by adding a question mark (?) followed by the payload.

Source: CVE-2020-10446

CVE-2020-10445

Posted on 2020년 3월 12일2020년 3월 13일 by admin

CVE-2020-10445

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article.php by adding a question mark (?) followed by the payload.

Source: CVE-2020-10445