Shodan
Vulnerabilities
Vulnerable Software
Chadhaajay:  Security Vulnerabilities
CVE-2020-11579
An issue was discovered in Chadha PHPKB 9.0 Enterprise Edition. installer/test-connection.php (part of the installation process) allows a remote unauthenticated attacker to disclose local files on hosts running PHP before 7.2.16, or on hosts where the MySQL ALLOW LOCAL DATA INFILE option is enabled.
CVSS Score
7.5
EPSS Score
0.152
Published
2020-09-03
CVE-2020-10500
CSRF in admin/reply-ticket.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to reply to any ticket, given the id, via a crafted request.
CVSS Score
4.3
EPSS Score
0.001
Published
2020-03-12
CVE-2020-10501
CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a department, given the id, via a crafted request.
CVSS Score
6.5
EPSS Score
0.001
Published
2020-03-12
CVE-2020-10502
CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to approve any comment, given the id, via a crafted request.
CVSS Score
4.3
EPSS Score
0.001
Published
2020-03-12
CVE-2020-10503
CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to disapprove any comment, given the id, via a crafted request.
CVSS Score
4.3
EPSS Score
0.001
Published
2020-03-12
CVE-2020-10504
CSRF in admin/edit-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a comment, given the id, via a crafted request.
CVSS Score
4.3
EPSS Score
0.001
Published
2020-03-12
CVE-2020-10485
CSRF in admin/manage-articles.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete an article via a crafted request.
CVSS Score
4.3
EPSS Score
0.001
Published
2020-03-12
CVE-2020-10486
CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a comment via a crafted request.
CVSS Score
4.3
EPSS Score
0.001
Published
2020-03-12
CVE-2020-10487
CSRF in admin/manage-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a glossary term via a crafted request.
CVSS Score
4.3
EPSS Score
0.001
Published
2020-03-12
CVE-2020-10488
CSRF in admin/manage-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a news article via a crafted request.
CVSS Score
4.3
EPSS Score
0.001
Published
2020-03-12


Products
Pricing
Contact Us

Shodan ® - All rights reserved