CVEDB API

Vulnerabilities

Vulnerable Software

Damicms: >> Damicms Security Vulnerabilities

CVE-2020-21236

A vulnerability in /damicms-master/admin.php?s=/Article/doedit of DamiCMS v6.0 allows attackers to compromise and impersonate user accounts via obtaining a user's session cookie.

CVSS Score

8.8

EPSS Score

0.002

Published

2021-12-27

CVE-2020-18458

Cross Site Request Forgery (CSRF) vulnerability exists in DamiCMS v6.0.6 that can add an admin account via admin.php?s=/Admin/doadd.

CVSS Score

8.0

EPSS Score

0.001

Published

2021-08-12

CVE-2020-18451

Cross Site Scripting (XSS) vulnerability exists in DamiCMS v6.0.6 via the title parameter in the doadd function in LabelAction.class.php.

CVSS Score

4.8

EPSS Score

0.002

Published

2021-08-12

CVE-2018-14831

An arbitrary file read vulnerability in DamiCMS v6.0.0 allows remote authenticated administrators to read any files in the server via a crafted /admin.php?s=Tpl/Add/id/ URI.

CVSS Score

4.9

EPSS Score

0.003

Published

2019-07-10

CVE-2018-20571

DamiCMS 6.0.1 allows remote attackers to read arbitrary files via a crafted admin.php?s=Tpl/Add/id request, as demonstrated by admin.php?s=Tpl/Add/id/.\Public\Config\config.ini.php to read the global configuration file.

CVSS Score

7.5

EPSS Score

0.003

Published

2018-12-28

CVE-2018-16331

admin.php?s=/Admin/doedit in DamiCMS v6.0.0 allows CSRF to change the administrator account's password.

CVSS Score

8.8

EPSS Score

0.001

Published

2018-09-02

CVE-2018-16237

An issue was discovered in damiCMS V6.0.1. There is Directory Traversal via '|' characters in the s parameter to admin.php, as demonstrated by an admin.php?s=Tpl/Add/id/c:|windows|win.ini URI.

CVSS Score

2.7

EPSS Score

0.003

Published

2018-08-30

CVE-2018-16238

An issue was discovered in damiCMS V6.0.1. Remote code execution can occur via PHP code in a multipart/form-data POST to the admin.php?s=/Tpl/Update.html URI. For example, this can update the Web/Tpl/default/head.html file.

CVSS Score

7.2

EPSS Score

0.022

Published

2018-08-30

CVE-2018-16239

An issue was discovered in damiCMS V6.0.1. It relies on the PHP time() function for cookies, which makes it possible to determine the cookie for an existing admin session via 10800 guesses.

CVSS Score

9.8

EPSS Score

0.004

Published

2018-08-30

CVE-2018-15844

An issue was discovered in DamiCMS 6.0.0. There is an CSRF vulnerability that can revise the administrator account's password via /admin.php?s=/Admin/doedit.

CVSS Score

8.8

EPSS Score

0.004

Published

2018-08-25

Page 1

Vulnerabilities

Vulnerable Software

Damicms: >> Damicms Security Vulnerabilities

Products

Pricing

Contact Us