Vendor CVEs
Chadha
All CVEs
121 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-10495 | Med | 0.28 | 4.3 | 0.00 | Mar 12, 2020 | CSRF in admin/edit-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit an article template, given the id, via a crafted request. | ||
| CVE-2020-10494 | Med | 0.28 | 4.3 | 0.00 | Mar 12, 2020 | CSRF in admin/edit-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a news article, given the id, via a crafted request. | ||
| CVE-2020-10493 | Med | 0.28 | 4.3 | 0.00 | Mar 12, 2020 | CSRF in admin/edit-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a glossary term, given the id, via a crafted request. | ||
| CVE-2020-10492 | Med | 0.28 | 4.3 | 0.00 | Mar 12, 2020 | CSRF in admin/manage-templates.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete an article template via a crafted request. | ||
| CVE-2020-10491 | Med | 0.28 | 4.3 | 0.00 | Mar 12, 2020 | CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a department via a crafted request. | ||
| CVE-2020-10490 | Med | 0.28 | 4.3 | 0.00 | Mar 12, 2020 | CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a department via a crafted request. | ||
| CVE-2020-10489 | Med | 0.28 | 4.3 | 0.00 | Mar 12, 2020 | CSRF in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a ticket via a crafted request. | ||
| CVE-2020-10488 | Med | 0.28 | 4.3 | 0.00 | Mar 12, 2020 | CSRF in admin/manage-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a news article via a crafted request. | ||
| CVE-2020-10487 | Med | 0.28 | 4.3 | 0.01 | Mar 12, 2020 | CSRF in admin/manage-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a glossary term via a crafted request. | ||
| CVE-2020-10486 | Med | 0.28 | 4.3 | 0.00 | Mar 12, 2020 | CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a comment via a crafted request. | ||
| CVE-2020-10485 | Med | 0.28 | 4.3 | 0.00 | Mar 12, 2020 | CSRF in admin/manage-articles.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete an article via a crafted request. | ||
| CVE-2020-10484 | Med | 0.28 | 4.3 | 0.00 | Mar 12, 2020 | CSRF in admin/add-field.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to create a custom field via a crafted request. | ||
| CVE-2020-10483 | Med | 0.28 | 4.3 | 0.00 | Mar 12, 2020 | CSRF in admin/ajax-hub.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to post a comment on any article via a crafted request. | ||
| CVE-2020-10482 | Med | 0.28 | 4.3 | 0.00 | Mar 12, 2020 | CSRF in admin/add-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new article template via a crafted request. | ||
| CVE-2020-10481 | Med | 0.28 | 4.3 | 0.00 | Mar 12, 2020 | CSRF in admin/add-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new glossary term via a crafted request. | ||
| CVE-2020-10480 | Med | 0.28 | 4.3 | 0.01 | Mar 12, 2020 | CSRF in admin/add-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new category via a crafted request. | ||
| CVE-2020-10479 | Med | 0.28 | 4.3 | 0.00 | Mar 12, 2020 | CSRF in admin/add-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new news article via a crafted request. | ||
| CVE-2020-10459 | Low | 0.18 | 2.7 | 0.01 | Mar 12, 2020 | Path Traversal in admin/assetmanager/assetmanager.php (vulnerable function saved in admin/assetmanager/functions.php) in Chadha PHPKB Standard Multi-Language 9 allows attackers to list the files that are stored on the webserver using a dot-dot-slash sequence (../) via the POST… | ||
| CVE-2020-10457 | Low | 0.18 | 2.7 | 0.01 | Mar 12, 2020 | Path Traversal in admin/imagepaster/image-renaming.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to rename any file on the webserver using a dot-dot-slash sequence (../) via the POST parameter imgName (for the new name) and imgUrl (for the current file to be… | ||
| CVE-2008-1909 | 0.03 | — | 0.01 | Apr 22, 2008 | SQL injection vulnerability in comment.php in PHP Knowledge Base (PHPKB) 1.5 and 2.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||
| CVE-2006-2184 | 0.00 | — | 0.01 | May 4, 2006 | Cross-site scripting (XSS) vulnerability in search.php in PHPKB Knowledge Base allows remote attackers to inject arbitrary web script or HTML via the searchkeyword parameter. NOTE: the issue was originally disputed by the vendor, but on 20060519, the vendor notified CVE that… |
- risk 0.28cvss 4.3epss 0.00
CSRF in admin/edit-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit an article template, given the id, via a crafted request.
- risk 0.28cvss 4.3epss 0.00
CSRF in admin/edit-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a news article, given the id, via a crafted request.
- risk 0.28cvss 4.3epss 0.00
CSRF in admin/edit-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a glossary term, given the id, via a crafted request.
- risk 0.28cvss 4.3epss 0.00
CSRF in admin/manage-templates.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete an article template via a crafted request.
- risk 0.28cvss 4.3epss 0.00
CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a department via a crafted request.
- risk 0.28cvss 4.3epss 0.00
CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a department via a crafted request.
- risk 0.28cvss 4.3epss 0.00
CSRF in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a ticket via a crafted request.
- risk 0.28cvss 4.3epss 0.00
CSRF in admin/manage-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a news article via a crafted request.
- risk 0.28cvss 4.3epss 0.01
CSRF in admin/manage-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a glossary term via a crafted request.
- risk 0.28cvss 4.3epss 0.00
CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a comment via a crafted request.
- risk 0.28cvss 4.3epss 0.00
CSRF in admin/manage-articles.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete an article via a crafted request.
- risk 0.28cvss 4.3epss 0.00
CSRF in admin/add-field.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to create a custom field via a crafted request.
- risk 0.28cvss 4.3epss 0.00
CSRF in admin/ajax-hub.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to post a comment on any article via a crafted request.
- risk 0.28cvss 4.3epss 0.00
CSRF in admin/add-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new article template via a crafted request.
- risk 0.28cvss 4.3epss 0.00
CSRF in admin/add-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new glossary term via a crafted request.
- risk 0.28cvss 4.3epss 0.01
CSRF in admin/add-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new category via a crafted request.
- risk 0.28cvss 4.3epss 0.00
CSRF in admin/add-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new news article via a crafted request.
- risk 0.18cvss 2.7epss 0.01
Path Traversal in admin/assetmanager/assetmanager.php (vulnerable function saved in admin/assetmanager/functions.php) in Chadha PHPKB Standard Multi-Language 9 allows attackers to list the files that are stored on the webserver using a dot-dot-slash sequence (../) via the POST…
- risk 0.18cvss 2.7epss 0.01
Path Traversal in admin/imagepaster/image-renaming.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to rename any file on the webserver using a dot-dot-slash sequence (../) via the POST parameter imgName (for the new name) and imgUrl (for the current file to be…
- CVE-2008-1909Apr 22, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in comment.php in PHP Knowledge Base (PHPKB) 1.5 and 2.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
- CVE-2006-2184May 4, 2006risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in search.php in PHPKB Knowledge Base allows remote attackers to inject arbitrary web script or HTML via the searchkeyword parameter. NOTE: the issue was originally disputed by the vendor, but on 20060519, the vendor notified CVE that…
Page 3 of 3