chadhaajay CVE Vulnerabilities & Metrics

Focus on chadhaajay vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About chadhaajay Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with chadhaajay. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total chadhaajay CVEs: 119
Earliest CVE date: 12 Mar 2020, 13:15 UTC
Latest CVE date: 03 Sep 2020, 18:15 UTC

Latest CVE reference: CVE-2020-11579

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical chadhaajay CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 3.83

Max CVSS: 6.8

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	82
4.0-6.9	37
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS chadhaajay CVEs

These are the five CVEs with the highest CVSS scores for chadhaajay, sorted by severity first and recency.

CVE-2020-10478 chadhaajay Published on 12 Mar 2020, 14:15 UTC (CVSS: 6.8)
CSRF in admin/manage-settings.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to change the global settings, potentially gaining code execution or causing a denial of service, via a crafted request.
CVE-2020-10390 chadhaajay Published on 12 Mar 2020, 14:15 UTC (CVSS: 6.5)
OS Command Injection in export.php (vulnerable function called from include/functions-article.php) in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by saving the code to be executed as the wkhtmltopdf path via admin/save-settings.php.
CVE-2020-10389 chadhaajay Published on 12 Mar 2020, 14:15 UTC (CVSS: 6.5)
admin/save-settings.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by injecting PHP code into any POST parameter when saving global settings.
CVE-2020-10386 chadhaajay Published on 12 Mar 2020, 13:15 UTC (CVSS: 6.5)
admin/imagepaster/image-upload.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by uploading a .php file in the admin/js/ directory.
CVE-2020-10458 chadhaajay Published on 12 Mar 2020, 14:15 UTC (CVSS: 5.5)
Path Traversal in admin/imagepaster/operations.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete any folder on the webserver using a dot-dot-slash sequence (../) via the GET parameter crdir, when the GET parameter action is set to df, causing a Denial of Service.

All CVEs for chadhaajay

CVE-2020-11579 chadhaajay vulnerability CVSS: 5.0 03 Sep 2020, 18:15 UTC

An issue was discovered in Chadha PHPKB 9.0 Enterprise Edition. installer/test-connection.php (part of the installation process) allows a remote unauthenticated attacker to disclose local files on hosts running PHP before 7.2.16, or on hosts where the MySQL ALLOW LOCAL DATA INFILE option is enabled.

CVE-2020-10504 chadhaajay vulnerability CVSS: 4.3 12 Mar 2020, 14:15 UTC

CSRF in admin/edit-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a comment, given the id, via a crafted request.

CVE-2020-10503 chadhaajay vulnerability CVSS: 4.3 12 Mar 2020, 14:15 UTC

CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to disapprove any comment, given the id, via a crafted request.

CVE-2020-10502 chadhaajay vulnerability CVSS: 4.3 12 Mar 2020, 14:15 UTC

CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to approve any comment, given the id, via a crafted request.

CVE-2020-10501 chadhaajay vulnerability CVSS: 4.3 12 Mar 2020, 14:15 UTC

CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a department, given the id, via a crafted request.

CVE-2020-10500 chadhaajay vulnerability CVSS: 4.3 12 Mar 2020, 14:15 UTC

CSRF in admin/reply-ticket.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to reply to any ticket, given the id, via a crafted request.

CVE-2020-10499 chadhaajay vulnerability CVSS: 4.3 12 Mar 2020, 14:15 UTC

CSRF in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to close any ticket, given the id, via a crafted request.

CVE-2020-10498 chadhaajay vulnerability CVSS: 4.3 12 Mar 2020, 14:15 UTC

CSRF in admin/edit-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a category, given the id, via a crafted request.

CVE-2020-10497 chadhaajay vulnerability CVSS: 4.3 12 Mar 2020, 14:15 UTC

CSRF in admin/manage-categories.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a category via a crafted request.

CVE-2020-10496 chadhaajay vulnerability CVSS: 4.3 12 Mar 2020, 14:15 UTC

CSRF in admin/edit-article.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit an article, given the id, via a crafted request.

CVE-2020-10495 chadhaajay vulnerability CVSS: 4.3 12 Mar 2020, 14:15 UTC

CSRF in admin/edit-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit an article template, given the id, via a crafted request.

CVE-2020-10494 chadhaajay vulnerability CVSS: 4.3 12 Mar 2020, 14:15 UTC

CSRF in admin/edit-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a news article, given the id, via a crafted request.

CVE-2020-10493 chadhaajay vulnerability CVSS: 4.3 12 Mar 2020, 14:15 UTC

CSRF in admin/edit-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a glossary term, given the id, via a crafted request.

CVE-2020-10492 chadhaajay vulnerability CVSS: 4.3 12 Mar 2020, 14:15 UTC

CSRF in admin/manage-templates.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete an article template via a crafted request.

CVE-2020-10491 chadhaajay vulnerability CVSS: 4.3 12 Mar 2020, 14:15 UTC

CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a department via a crafted request.

CVE-2020-10490 chadhaajay vulnerability CVSS: 4.3 12 Mar 2020, 14:15 UTC

CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a department via a crafted request.

CVE-2020-10489 chadhaajay vulnerability CVSS: 4.3 12 Mar 2020, 14:15 UTC

CSRF in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a ticket via a crafted request.

CVE-2020-10488 chadhaajay vulnerability CVSS: 4.3 12 Mar 2020, 14:15 UTC

CSRF in admin/manage-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a news article via a crafted request.

CVE-2020-10487 chadhaajay vulnerability CVSS: 4.3 12 Mar 2020, 14:15 UTC

CSRF in admin/manage-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a glossary term via a crafted request.

CVE-2020-10486 chadhaajay vulnerability CVSS: 4.3 12 Mar 2020, 14:15 UTC

CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a comment via a crafted request.

CVE-2020-10485 chadhaajay vulnerability CVSS: 4.3 12 Mar 2020, 14:15 UTC

CSRF in admin/manage-articles.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete an article via a crafted request.

CVE-2020-10484 chadhaajay vulnerability CVSS: 4.3 12 Mar 2020, 14:15 UTC

CSRF in admin/add-field.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to create a custom field via a crafted request.

CVE-2020-10483 chadhaajay vulnerability CVSS: 4.3 12 Mar 2020, 14:15 UTC

CSRF in admin/ajax-hub.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to post a comment on any article via a crafted request.

CVE-2020-10482 chadhaajay vulnerability CVSS: 4.3 12 Mar 2020, 14:15 UTC

CSRF in admin/add-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new article template via a crafted request.

CVE-2020-10481 chadhaajay vulnerability CVSS: 4.3 12 Mar 2020, 14:15 UTC

CSRF in admin/add-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new glossary term via a crafted request.

CVE-2020-10480 chadhaajay vulnerability CVSS: 4.3 12 Mar 2020, 14:15 UTC

CSRF in admin/add-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new category via a crafted request.

CVE-2020-10479 chadhaajay vulnerability CVSS: 4.3 12 Mar 2020, 14:15 UTC

CSRF in admin/add-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new news article via a crafted request.

CVE-2020-10478 chadhaajay vulnerability CVSS: 6.8 12 Mar 2020, 14:15 UTC

CSRF in admin/manage-settings.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to change the global settings, potentially gaining code execution or causing a denial of service, via a crafted request.

CVE-2020-10477 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

Reflected XSS in admin/manage-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.

CVE-2020-10476 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

Reflected XSS in admin/manage-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.

CVE-2020-10475 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

Reflected XSS in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.

CVE-2020-10474 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

Reflected XSS in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.

CVE-2020-10473 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

Reflected XSS in admin/manage-categories.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.

CVE-2020-10472 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

Reflected XSS in admin/manage-templates.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.

CVE-2020-10470 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

Reflected XSS in admin/manage-fields.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.

CVE-2020-10469 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

Reflected XSS in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.

CVE-2020-10468 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

Reflected XSS in admin/edit-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p.

CVE-2020-10467 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

Reflected XSS in admin/edit-comment.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p.

CVE-2020-10466 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

Reflected XSS in admin/edit-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p.

CVE-2020-10465 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

Reflected XSS in admin/edit-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p.

CVE-2020-10464 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

Reflected XSS in admin/edit-article.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p.

CVE-2020-10463 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

Reflected XSS in admin/edit-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p.

CVE-2020-10462 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

Reflected XSS in admin/edit-field.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p.

CVE-2020-10461 chadhaajay vulnerability CVSS: 4.3 12 Mar 2020, 14:15 UTC

The way comments in article.php (vulnerable function in include/functions-article.php) are handled in Chadha PHPKB Standard Multi-Language 9 allows attackers to execute Stored (Blind) XSS (injecting arbitrary web script or HTML) in admin/manage-comments.php, via the GET parameter cmt.

CVE-2020-10460 chadhaajay vulnerability CVSS: 4.0 12 Mar 2020, 14:15 UTC

admin/include/operations.php (via admin/email-harvester.php) in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject untrusted input inside CSV files via the POST parameter data.

CVE-2020-10459 chadhaajay vulnerability CVSS: 4.0 12 Mar 2020, 14:15 UTC

Path Traversal in admin/assetmanager/assetmanager.php (vulnerable function saved in admin/assetmanager/functions.php) in Chadha PHPKB Standard Multi-Language 9 allows attackers to list the files that are stored on the webserver using a dot-dot-slash sequence (../) via the POST parameter inpCurrFolder.

CVE-2020-10458 chadhaajay vulnerability CVSS: 5.5 12 Mar 2020, 14:15 UTC

Path Traversal in admin/imagepaster/operations.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete any folder on the webserver using a dot-dot-slash sequence (../) via the GET parameter crdir, when the GET parameter action is set to df, causing a Denial of Service.

CVE-2020-10457 chadhaajay vulnerability CVSS: 4.0 12 Mar 2020, 14:15 UTC

Path Traversal in admin/imagepaster/image-renaming.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to rename any file on the webserver using a dot-dot-slash sequence (../) via the POST parameter imgName (for the new name) and imgUrl (for the current file to be renamed).

CVE-2020-10456 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/trash-box.php by adding a question mark (?) followed by the payload.

CVE-2020-10455 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/translate.php by adding a question mark (?) followed by the payload.

CVE-2020-10454 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/sitemap-generator.php by adding a question mark (?) followed by the payload.

CVE-2020-10453 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/search-users.php by adding a question mark (?) followed by the payload.

CVE-2020-10452 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/save-article.php by adding a question mark (?) followed by the payload.

CVE-2020-10451 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-user.php by adding a question mark (?) followed by the payload.

CVE-2020-10450 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-traffic.php by adding a question mark (?) followed by the payload.

CVE-2020-10449 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-search.php by adding a question mark (?) followed by the payload.

CVE-2020-10448 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-referrers.php by adding a question mark (?) followed by the payload.

CVE-2020-10447 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-failed-login.php by adding a question mark (?) followed by the payload.

CVE-2020-10446 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-category.php by adding a question mark (?) followed by the payload.

CVE-2020-10445 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article.php by adding a question mark (?) followed by the payload.

CVE-2020-10444 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-rated.php by adding a question mark (?) followed by the payload.

CVE-2020-10443 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-printed.php by adding a question mark (?) followed by the payload.

CVE-2020-10442 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-popular.php by adding a question mark (?) followed by the payload.

CVE-2020-10441 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-monthly.php by adding a question mark (?) followed by the payload.

CVE-2020-10440 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-mailed.php by adding a question mark (?) followed by the payload.

CVE-2020-10439 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-discussed.php by adding a question mark (?) followed by the payload.

CVE-2020-10438 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/reply-ticket.php by adding a question mark (?) followed by the payload.

CVE-2020-10437 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/optimize-database.php by adding a question mark (?) followed by the payload.

CVE-2020-10436 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/my-profile.php by adding a question mark (?) followed by the payload.

CVE-2020-10435 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/my-languages.php by adding a question mark (?) followed by the payload.

CVE-2020-10434 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-versions.php by adding a question mark (?) followed by the payload.

CVE-2020-10433 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-users.php by adding a question mark (?) followed by the payload.

CVE-2020-10432 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-tickets.php by adding a question mark (?) followed by the payload.

CVE-2020-10431 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-templates.php by adding a question mark (?) followed by the payload.

CVE-2020-10430 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-subscribers.php by adding a question mark (?) followed by the payload.

CVE-2020-10429 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-settings.php by adding a question mark (?) followed by the payload.

CVE-2020-10428 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-news.php by adding a question mark (?) followed by the payload.

CVE-2020-10427 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-languages.php by adding a question mark (?) followed by the payload.

CVE-2020-10426 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-groups.php by adding a question mark (?) followed by the payload.

CVE-2020-10425 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-glossary.php by adding a question mark (?) followed by the payload.

CVE-2020-10424 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-fields.php by adding a question mark (?) followed by the payload.

CVE-2020-10423 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-feedbacks.php by adding a question mark (?) followed by the payload.

CVE-2020-10422 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-drafts.php by adding a question mark (?) followed by the payload.

CVE-2020-10421 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-departments.php by adding a question mark (?) followed by the payload.

CVE-2020-10420 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-comments.php by adding a question mark (?) followed by the payload.

CVE-2020-10419 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-categories.php by adding a question mark (?) followed by the payload.

CVE-2020-10418 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-attachments.php by adding a question mark (?) followed by the payload.

CVE-2020-10417 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-articles.php by adding a question mark (?) followed by the payload.

CVE-2020-10416 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/kb-backup.php by adding a question mark (?) followed by the payload.

CVE-2020-10415 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/index.php by adding a question mark (?) followed by the payload.

CVE-2020-10414 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/index-attachments.php by adding a question mark (?) followed by the payload.

CVE-2020-10413 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/import-html.php by adding a question mark (?) followed by the payload.

CVE-2020-10412 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/import-csv.php by adding a question mark (?) followed by the payload.

CVE-2020-10411 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/email-harvester.php by adding a question mark (?) followed by the payload.

CVE-2020-10410 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-user.php by adding a question mark (?) followed by the payload.

CVE-2020-10409 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-template.php by adding a question mark (?) followed by the payload.

CVE-2020-10408 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-subscriber.php by adding a question mark (?) followed by the payload.

CVE-2020-10407 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-news.php by adding a question mark (?) followed by the payload.

CVE-2020-10406 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-group.php by adding a question mark (?) followed by the payload.

CVE-2020-10405 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-glossary.php by adding a question mark (?) followed by the payload.

CVE-2020-10404 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-field.php by adding a question mark (?) followed by the payload.

CVE-2020-10403 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-comment.php by adding a question mark (?) followed by the payload.

CVE-2020-10402 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-category.php by adding a question mark (?) followed by the payload.

CVE-2020-10401 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-article.php by adding a question mark (?) followed by the payload.

CVE-2020-10400 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/article-collaboration.php by adding a question mark (?) followed by the payload.

CVE-2020-10399 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-user.php by adding a question mark (?) followed by the payload.

CVE-2020-10398 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-template.php by adding a question mark (?) followed by the payload.

CVE-2020-10397 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-news.php by adding a question mark (?) followed by the payload.

CVE-2020-10396 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-language.php by adding a question mark (?) followed by the payload.

CVE-2020-10395 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-group.php by adding a question mark (?) followed by the payload.

CVE-2020-10394 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-glossary.php by adding a question mark (?) followed by the payload.

CVE-2020-10393 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-field.php by adding a question mark (?) followed by the payload.

CVE-2020-10392 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-category.php by adding a question mark (?) followed by the payload.

CVE-2020-10391 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-article.php by adding a question mark (?) followed by the payload.

CVE-2020-10390 chadhaajay vulnerability CVSS: 6.5 12 Mar 2020, 14:15 UTC

OS Command Injection in export.php (vulnerable function called from include/functions-article.php) in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by saving the code to be executed as the wkhtmltopdf path via admin/save-settings.php.

CVE-2020-10389 chadhaajay vulnerability CVSS: 6.5 12 Mar 2020, 14:15 UTC

admin/save-settings.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by injecting PHP code into any POST parameter when saving global settings.

CVE-2020-10388 chadhaajay vulnerability CVSS: 3.5 12 Mar 2020, 14:15 UTC

The way the Referer header in article.php is handled in Chadha PHPKB Standard Multi-Language 9 allows attackers to execute Stored (Blind) XSS (injecting arbitrary web script or HTML) in admin/report-referrers.php (vulnerable file admin/include/functions-articles.php).

CVE-2020-10387 chadhaajay vulnerability CVSS: 4.0 12 Mar 2020, 14:15 UTC

Path Traversal in admin/download.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to download files from the server using a dot-dot-slash sequence (../) via the GET parameter file.

CVE-2020-10386 chadhaajay vulnerability CVSS: 6.5 12 Mar 2020, 13:15 UTC

admin/imagepaster/image-upload.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by uploading a .php file in the admin/js/ directory.