CPE-B271A4FC-24D4-471D-94D7-3C6739508CBB Detail

CPE Details

Chadhaajay PHPKB 9.0 Enterprise Edition

Vendor

chadhaajay

Product

phpkb

Version

9.0

Created

2020-09-04
09h21 +00:00

Modified

2021-05-26
15h05 +00:00

Official links

CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Notifications manage

List of Notifications

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

CPE ID

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CPE Name: cpe:2.3:a:chadhaajay:phpkb:9.0::::enterprise:::

Informations

Vendor

chadhaajay

Product

phpkb

Version

9.0

Software Edition

enterprise

Related CVE

Open and find in CVE List

CVE ID	Published	Description	Score	Severity
CVE-2020-11579	2020-09-03 15h15 +00:00	An issue was discovered in Chadha PHPKB 9.0 Enterprise Edition. installer/test-connection.php (part of the installation process) allows a remote unauthenticated attacker to disclose local files on hosts running PHP before 7.2.16, or on hosts where the MySQL ALLOW LOCAL DATA INFILE option is enabled.	7.5	High
CVE-2020-10504	2020-03-12 12h06 +00:00	CSRF in admin/edit-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a comment, given the id, via a crafted request.	4.3	Medium
CVE-2020-10503	2020-03-12 12h06 +00:00	CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to disapprove any comment, given the id, via a crafted request.	4.3	Medium
CVE-2020-10502	2020-03-12 12h06 +00:00	CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to approve any comment, given the id, via a crafted request.	4.3	Medium
CVE-2020-10501	2020-03-12 12h06 +00:00	CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a department, given the id, via a crafted request.	6.5	Medium
CVE-2020-10500	2020-03-12 12h06 +00:00	CSRF in admin/reply-ticket.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to reply to any ticket, given the id, via a crafted request.	4.3	Medium
CVE-2020-10499	2020-03-12 12h06 +00:00	CSRF in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to close any ticket, given the id, via a crafted request.	4.3	Medium
CVE-2020-10498	2020-03-12 12h06 +00:00	CSRF in admin/edit-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a category, given the id, via a crafted request.	6.5	Medium
CVE-2020-10497	2020-03-12 12h06 +00:00	CSRF in admin/manage-categories.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a category via a crafted request.	6.5	Medium
CVE-2020-10496	2020-03-12 12h06 +00:00	CSRF in admin/edit-article.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit an article, given the id, via a crafted request.	4.3	Medium
CVE-2020-10495	2020-03-12 12h06 +00:00	CSRF in admin/edit-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit an article template, given the id, via a crafted request.	4.3	Medium
CVE-2020-10494	2020-03-12 12h06 +00:00	CSRF in admin/edit-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a news article, given the id, via a crafted request.	4.3	Medium
CVE-2020-10493	2020-03-12 12h05 +00:00	CSRF in admin/edit-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a glossary term, given the id, via a crafted request.	4.3	Medium
CVE-2020-10492	2020-03-12 12h05 +00:00	CSRF in admin/manage-templates.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete an article template via a crafted request.	4.3	Medium
CVE-2020-10491	2020-03-12 12h05 +00:00	CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a department via a crafted request.	4.3	Medium
CVE-2020-10490	2020-03-12 12h05 +00:00	CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a department via a crafted request.	4.3	Medium
CVE-2020-10489	2020-03-12 12h05 +00:00	CSRF in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a ticket via a crafted request.	4.3	Medium
CVE-2020-10488	2020-03-12 12h05 +00:00	CSRF in admin/manage-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a news article via a crafted request.	4.3	Medium
CVE-2020-10487	2020-03-12 12h05 +00:00	CSRF in admin/manage-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a glossary term via a crafted request.	4.3	Medium
CVE-2020-10486	2020-03-12 12h05 +00:00	CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a comment via a crafted request.	4.3	Medium
CVE-2020-10485	2020-03-12 12h05 +00:00	CSRF in admin/manage-articles.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete an article via a crafted request.	4.3	Medium
CVE-2020-10484	2020-03-12 12h05 +00:00	CSRF in admin/add-field.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to create a custom field via a crafted request.	4.3	Medium
CVE-2020-10483	2020-03-12 12h05 +00:00	CSRF in admin/ajax-hub.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to post a comment on any article via a crafted request.	4.3	Medium
CVE-2020-10482	2020-03-12 12h05 +00:00	CSRF in admin/add-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new article template via a crafted request.	4.3	Medium
CVE-2020-10481	2020-03-12 12h05 +00:00	CSRF in admin/add-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new glossary term via a crafted request.	4.3	Medium
CVE-2020-10480	2020-03-12 12h05 +00:00	CSRF in admin/add-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new category via a crafted request.	4.3	Medium
CVE-2020-10479	2020-03-12 12h05 +00:00	CSRF in admin/add-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new news article via a crafted request.	4.3	Medium
CVE-2020-10478	2020-03-12 12h05 +00:00	CSRF in admin/manage-settings.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to change the global settings, potentially gaining code execution or causing a denial of service, via a crafted request.	8.8	High
CVE-2020-10477	2020-03-12 12h05 +00:00	Reflected XSS in admin/manage-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.	4.8	Medium
CVE-2020-10476	2020-03-12 12h05 +00:00	Reflected XSS in admin/manage-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.	4.8	Medium
CVE-2020-10475	2020-03-12 12h05 +00:00	Reflected XSS in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.	4.8	Medium
CVE-2020-10474	2020-03-12 12h05 +00:00	Reflected XSS in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.	4.8	Medium
CVE-2020-10473	2020-03-12 12h05 +00:00	Reflected XSS in admin/manage-categories.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.	4.8	Medium
CVE-2020-10472	2020-03-12 12h05 +00:00	Reflected XSS in admin/manage-templates.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.	4.8	Medium
CVE-2020-10470	2020-03-12 12h05 +00:00	Reflected XSS in admin/manage-fields.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.	4.8	Medium
CVE-2020-10469	2020-03-12 12h05 +00:00	Reflected XSS in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.	4.8	Medium
CVE-2020-10468	2020-03-12 12h05 +00:00	Reflected XSS in admin/edit-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p.	4.8	Medium
CVE-2020-10467	2020-03-12 12h05 +00:00	Reflected XSS in admin/edit-comment.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p.	4.8	Medium
CVE-2020-10466	2020-03-12 12h05 +00:00	Reflected XSS in admin/edit-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p.	4.8	Medium
CVE-2020-10465	2020-03-12 12h05 +00:00	Reflected XSS in admin/edit-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p.	4.8	Medium
CVE-2020-10464	2020-03-12 12h05 +00:00	Reflected XSS in admin/edit-article.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p.	4.8	Medium
CVE-2020-10463	2020-03-12 12h05 +00:00	Reflected XSS in admin/edit-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p.	4.8	Medium
CVE-2020-10462	2020-03-12 12h05 +00:00	Reflected XSS in admin/edit-field.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p.	4.8	Medium
CVE-2020-10461	2020-03-12 12h05 +00:00	The way comments in article.php (vulnerable function in include/functions-article.php) are handled in Chadha PHPKB Standard Multi-Language 9 allows attackers to execute Stored (Blind) XSS (injecting arbitrary web script or HTML) in admin/manage-comments.php, via the GET parameter cmt.	6.1	Medium
CVE-2020-10460	2020-03-12 12h05 +00:00	admin/include/operations.php (via admin/email-harvester.php) in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject untrusted input inside CSV files via the POST parameter data.	4.9	Medium
CVE-2020-10459	2020-03-12 12h05 +00:00	Path Traversal in admin/assetmanager/assetmanager.php (vulnerable function saved in admin/assetmanager/functions.php) in Chadha PHPKB Standard Multi-Language 9 allows attackers to list the files that are stored on the webserver using a dot-dot-slash sequence (../) via the POST parameter inpCurrFolder.	2.7	Low
CVE-2020-10458	2020-03-12 12h05 +00:00	Path Traversal in admin/imagepaster/operations.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete any folder on the webserver using a dot-dot-slash sequence (../) via the GET parameter crdir, when the GET parameter action is set to df, causing a Denial of Service.	6.5	Medium
CVE-2020-10457	2020-03-12 12h05 +00:00	Path Traversal in admin/imagepaster/image-renaming.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to rename any file on the webserver using a dot-dot-slash sequence (../) via the POST parameter imgName (for the new name) and imgUrl (for the current file to be renamed).	2.7	Low
CVE-2020-10456	2020-03-12 12h05 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/trash-box.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10455	2020-03-12 12h05 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/translate.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10454	2020-03-12 12h05 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/sitemap-generator.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10453	2020-03-12 12h05 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/search-users.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10452	2020-03-12 12h05 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/save-article.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10451	2020-03-12 12h05 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-user.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10450	2020-03-12 12h05 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-traffic.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10449	2020-03-12 12h04 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-search.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10448	2020-03-12 12h04 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-referrers.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10447	2020-03-12 12h04 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-failed-login.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10446	2020-03-12 12h04 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-category.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10445	2020-03-12 12h04 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10444	2020-03-12 12h04 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-rated.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10443	2020-03-12 12h04 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-printed.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10442	2020-03-12 12h04 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-popular.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10441	2020-03-12 12h04 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-monthly.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10440	2020-03-12 12h04 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-mailed.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10439	2020-03-12 12h04 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-discussed.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10438	2020-03-12 12h04 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/reply-ticket.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10437	2020-03-12 12h04 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/optimize-database.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10436	2020-03-12 12h04 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/my-profile.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10435	2020-03-12 12h04 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/my-languages.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10434	2020-03-12 12h04 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-versions.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10433	2020-03-12 12h04 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-users.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10432	2020-03-12 12h04 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-tickets.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10431	2020-03-12 12h04 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-templates.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10430	2020-03-12 12h04 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-subscribers.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10429	2020-03-12 12h04 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-settings.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10428	2020-03-12 12h04 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-news.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10427	2020-03-12 12h04 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-languages.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10426	2020-03-12 12h04 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-groups.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10425	2020-03-12 12h04 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-glossary.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10424	2020-03-12 12h04 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-fields.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10423	2020-03-12 12h04 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-feedbacks.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10422	2020-03-12 12h04 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-drafts.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10421	2020-03-12 12h04 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-departments.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10420	2020-03-12 12h04 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-comments.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10419	2020-03-12 12h04 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-categories.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10418	2020-03-12 12h04 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-attachments.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10417	2020-03-12 12h04 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-articles.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10416	2020-03-12 12h04 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/kb-backup.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10415	2020-03-12 12h04 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/index.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10414	2020-03-12 12h04 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/index-attachments.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10413	2020-03-12 12h04 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/import-html.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10412	2020-03-12 12h04 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/import-csv.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10411	2020-03-12 12h04 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/email-harvester.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10410	2020-03-12 12h04 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-user.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10409	2020-03-12 12h04 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-template.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10408	2020-03-12 12h04 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-subscriber.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10407	2020-03-12 12h04 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-news.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10406	2020-03-12 12h04 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-group.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10405	2020-03-12 12h04 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-glossary.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10404	2020-03-12 12h04 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-field.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10403	2020-03-12 12h04 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-comment.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10402	2020-03-12 12h04 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-category.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10401	2020-03-12 12h03 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-article.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10400	2020-03-12 12h03 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/article-collaboration.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10399	2020-03-12 12h03 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-user.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10398	2020-03-12 12h03 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-template.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10397	2020-03-12 12h03 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-news.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10396	2020-03-12 12h03 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-language.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10395	2020-03-12 12h03 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-group.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10394	2020-03-12 12h03 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-glossary.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10393	2020-03-12 12h03 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-field.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10392	2020-03-12 12h03 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-category.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10391	2020-03-12 12h03 +00:00	The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-article.php by adding a question mark (?) followed by the payload.	4.8	Medium
CVE-2020-10390	2020-03-12 12h03 +00:00	OS Command Injection in export.php (vulnerable function called from include/functions-article.php) in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by saving the code to be executed as the wkhtmltopdf path via admin/save-settings.php.	7.2	High
CVE-2020-10389	2020-03-12 12h03 +00:00	admin/save-settings.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by injecting PHP code into any POST parameter when saving global settings.	7.2	High
CVE-2020-10388	2020-03-12 12h03 +00:00	The way the Referer header in article.php is handled in Chadha PHPKB Standard Multi-Language 9 allows attackers to execute Stored (Blind) XSS (injecting arbitrary web script or HTML) in admin/report-referrers.php (vulnerable file admin/include/functions-articles.php).	5.4	Medium
CVE-2020-10387	2020-03-12 12h03 +00:00	Path Traversal in admin/download.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to download files from the server using a dot-dot-slash sequence (../) via the GET parameter file.	4.9	Medium
CVE-2020-10386	2020-03-12 12h00 +00:00	admin/imagepaster/image-upload.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by uploading a .php file in the admin/js/ directory.	7.2	High

Chadhaajay PHPKB 9.0 Enterprise Edition

CPE Details

CPE Name: cpe:2.3:a:chadhaajay:phpkb:9.0:*:*:*:enterprise:*:*:*

Informations

Vendor

Product

Version

Software Edition

Related CVE

CPE Name: cpe:2.3:a:chadhaajay:phpkb:9.0::::enterprise:::