VYPR
Vendor

Damicms

Products
1
CVEs
7
Across products
7
Status
Private

Products

1

Recent CVEs

7
  • CVE-2018-15844HigAug 25, 2018
    risk 0.60cvss 8.8epss 0.02

    An issue was discovered in DamiCMS 6.0.0. There is an CSRF vulnerability that can revise the administrator account's password via /admin.php?s=/Admin/doedit.

  • CVE-2020-21236HigDec 27, 2021
    risk 0.57cvss 8.8epss 0.01

    A vulnerability in /damicms-master/admin.php?s=/Article/doedit of DamiCMS v6.0 allows attackers to compromise and impersonate user accounts via obtaining a user's session cookie.

  • CVE-2018-16331HigSep 2, 2018
    risk 0.57cvss 8.8epss 0.01

    admin.php?s=/Admin/doedit in DamiCMS v6.0.0 allows CSRF to change the administrator account's password.

  • CVE-2018-13031HigJul 5, 2018
    risk 0.57cvss 8.8epss 0.01

    DamiCMS v6.0.0 aand 6.1.0 allows CSRF via admin.php?s=/Admin/doadd to add an administrator account.

  • CVE-2020-18458HigAug 12, 2021
    risk 0.52cvss 8.0epss 0.00

    Cross Site Request Forgery (CSRF) vulnerability exists in DamiCMS v6.0.6 that can add an admin account via admin.php?s=/Admin/doadd.

  • CVE-2018-20571HigDec 28, 2018
    risk 0.49cvss 7.5epss 0.01

    DamiCMS 6.0.1 allows remote attackers to read arbitrary files via a crafted admin.php?s=Tpl/Add/id request, as demonstrated by admin.php?s=Tpl/Add/id/.\Public\Config\config.ini.php to read the global configuration file.

  • CVE-2018-14831MedJul 10, 2019
    risk 0.32cvss 4.9epss 0.02

    An arbitrary file read vulnerability in DamiCMS v6.0.0 allows remote authenticated administrators to read any files in the server via a crafted /admin.php?s=Tpl/Add/id/ URI.