VYPR

Vendor CVEs

Chadha

All CVEs

121 total · sorted by risk
  • CVE-2020-10495MedMar 12, 2020
    risk 0.28cvss 4.3epss 0.00

    CSRF in admin/edit-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit an article template, given the id, via a crafted request.

  • CVE-2020-10494MedMar 12, 2020
    risk 0.28cvss 4.3epss 0.00

    CSRF in admin/edit-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a news article, given the id, via a crafted request.

  • CVE-2020-10493MedMar 12, 2020
    risk 0.28cvss 4.3epss 0.00

    CSRF in admin/edit-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a glossary term, given the id, via a crafted request.

  • CVE-2020-10492MedMar 12, 2020
    risk 0.28cvss 4.3epss 0.00

    CSRF in admin/manage-templates.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete an article template via a crafted request.

  • CVE-2020-10491MedMar 12, 2020
    risk 0.28cvss 4.3epss 0.00

    CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a department via a crafted request.

  • CVE-2020-10490MedMar 12, 2020
    risk 0.28cvss 4.3epss 0.00

    CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a department via a crafted request.

  • CVE-2020-10489MedMar 12, 2020
    risk 0.28cvss 4.3epss 0.00

    CSRF in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a ticket via a crafted request.

  • CVE-2020-10488MedMar 12, 2020
    risk 0.28cvss 4.3epss 0.00

    CSRF in admin/manage-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a news article via a crafted request.

  • CVE-2020-10487MedMar 12, 2020
    risk 0.28cvss 4.3epss 0.01

    CSRF in admin/manage-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a glossary term via a crafted request.

  • CVE-2020-10486MedMar 12, 2020
    risk 0.28cvss 4.3epss 0.00

    CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a comment via a crafted request.

  • CVE-2020-10485MedMar 12, 2020
    risk 0.28cvss 4.3epss 0.00

    CSRF in admin/manage-articles.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete an article via a crafted request.

  • CVE-2020-10484MedMar 12, 2020
    risk 0.28cvss 4.3epss 0.00

    CSRF in admin/add-field.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to create a custom field via a crafted request.

  • CVE-2020-10483MedMar 12, 2020
    risk 0.28cvss 4.3epss 0.00

    CSRF in admin/ajax-hub.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to post a comment on any article via a crafted request.

  • CVE-2020-10482MedMar 12, 2020
    risk 0.28cvss 4.3epss 0.00

    CSRF in admin/add-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new article template via a crafted request.

  • CVE-2020-10481MedMar 12, 2020
    risk 0.28cvss 4.3epss 0.00

    CSRF in admin/add-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new glossary term via a crafted request.

  • CVE-2020-10480MedMar 12, 2020
    risk 0.28cvss 4.3epss 0.01

    CSRF in admin/add-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new category via a crafted request.

  • CVE-2020-10479MedMar 12, 2020
    risk 0.28cvss 4.3epss 0.00

    CSRF in admin/add-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new news article via a crafted request.

  • CVE-2020-10459LowMar 12, 2020
    risk 0.18cvss 2.7epss 0.01

    Path Traversal in admin/assetmanager/assetmanager.php (vulnerable function saved in admin/assetmanager/functions.php) in Chadha PHPKB Standard Multi-Language 9 allows attackers to list the files that are stored on the webserver using a dot-dot-slash sequence (../) via the POST…

  • CVE-2020-10457LowMar 12, 2020
    risk 0.18cvss 2.7epss 0.01

    Path Traversal in admin/imagepaster/image-renaming.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to rename any file on the webserver using a dot-dot-slash sequence (../) via the POST parameter imgName (for the new name) and imgUrl (for the current file to be…

  • CVE-2008-1909Apr 22, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in comment.php in PHP Knowledge Base (PHPKB) 1.5 and 2.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.

  • CVE-2006-2184May 4, 2006
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in search.php in PHPKB Knowledge Base allows remote attackers to inject arbitrary web script or HTML via the searchkeyword parameter. NOTE: the issue was originally disputed by the vendor, but on 20060519, the vendor notified CVE that…

Page 3 of 3