Damicms
Products
1- 7 CVEs
Recent CVEs
7| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-15844 | Hig | 0.60 | 8.8 | 0.02 | Aug 25, 2018 | An issue was discovered in DamiCMS 6.0.0. There is an CSRF vulnerability that can revise the administrator account's password via /admin.php?s=/Admin/doedit. | ||
| CVE-2020-21236 | Hig | 0.57 | 8.8 | 0.01 | Dec 27, 2021 | A vulnerability in /damicms-master/admin.php?s=/Article/doedit of DamiCMS v6.0 allows attackers to compromise and impersonate user accounts via obtaining a user's session cookie. | ||
| CVE-2018-16331 | Hig | 0.57 | 8.8 | 0.01 | Sep 2, 2018 | admin.php?s=/Admin/doedit in DamiCMS v6.0.0 allows CSRF to change the administrator account's password. | ||
| CVE-2018-13031 | Hig | 0.57 | 8.8 | 0.01 | Jul 5, 2018 | DamiCMS v6.0.0 aand 6.1.0 allows CSRF via admin.php?s=/Admin/doadd to add an administrator account. | ||
| CVE-2020-18458 | Hig | 0.52 | 8.0 | 0.00 | Aug 12, 2021 | Cross Site Request Forgery (CSRF) vulnerability exists in DamiCMS v6.0.6 that can add an admin account via admin.php?s=/Admin/doadd. | ||
| CVE-2018-20571 | Hig | 0.49 | 7.5 | 0.01 | Dec 28, 2018 | DamiCMS 6.0.1 allows remote attackers to read arbitrary files via a crafted admin.php?s=Tpl/Add/id request, as demonstrated by admin.php?s=Tpl/Add/id/.\Public\Config\config.ini.php to read the global configuration file. | ||
| CVE-2018-14831 | Med | 0.32 | 4.9 | 0.02 | Jul 10, 2019 | An arbitrary file read vulnerability in DamiCMS v6.0.0 allows remote authenticated administrators to read any files in the server via a crafted /admin.php?s=Tpl/Add/id/ URI. |
- risk 0.60cvss 8.8epss 0.02
An issue was discovered in DamiCMS 6.0.0. There is an CSRF vulnerability that can revise the administrator account's password via /admin.php?s=/Admin/doedit.
- risk 0.57cvss 8.8epss 0.01
A vulnerability in /damicms-master/admin.php?s=/Article/doedit of DamiCMS v6.0 allows attackers to compromise and impersonate user accounts via obtaining a user's session cookie.
- risk 0.57cvss 8.8epss 0.01
admin.php?s=/Admin/doedit in DamiCMS v6.0.0 allows CSRF to change the administrator account's password.
- risk 0.57cvss 8.8epss 0.01
DamiCMS v6.0.0 aand 6.1.0 allows CSRF via admin.php?s=/Admin/doadd to add an administrator account.
- risk 0.52cvss 8.0epss 0.00
Cross Site Request Forgery (CSRF) vulnerability exists in DamiCMS v6.0.6 that can add an admin account via admin.php?s=/Admin/doadd.
- risk 0.49cvss 7.5epss 0.01
DamiCMS 6.0.1 allows remote attackers to read arbitrary files via a crafted admin.php?s=Tpl/Add/id request, as demonstrated by admin.php?s=Tpl/Add/id/.\Public\Config\config.ini.php to read the global configuration file.
- risk 0.32cvss 4.9epss 0.02
An arbitrary file read vulnerability in DamiCMS v6.0.0 allows remote authenticated administrators to read any files in the server via a crafted /admin.php?s=Tpl/Add/id/ URI.