damicms CVE Vulnerabilities & Metrics

Focus on damicms vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About damicms Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with damicms. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

Global CVE Overview

Total damicms CVEs: 11
Earliest CVE date: 05 Jul 2018, 20:29 UTC
Latest CVE date: 27 Dec 2021, 23:15 UTC

Latest CVE reference: CVE-2020-21236

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

[Charts not reproduced: Monthly CVE Trends (current vs previous year); Annual CVE Trends (last 20 years); Critical damicms CVEs (CVSS ≥ 9) over 20 years]

CVSS Stats

Average CVSS: 5.56

Max CVSS: 6.8

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range       Count
0.0-3.9     1
4.0-6.9     10
7.0-8.9     0
9.0-10.0    0

[Chart not reproduced: CVSS Distribution]

Top 5 Highest CVSS damicms CVEs

These are the five CVEs with the highest CVSS scores for damicms, sorted by severity first and then by recency.

All CVEs for damicms

CVE-2020-21236 damicms vulnerability CVSS: 6.8 27 Dec 2021, 23:15 UTC

A vulnerability in /damicms-master/admin.php?s=/Article/doedit of DamiCMS v6.0 allows attackers to compromise and impersonate user accounts via obtaining a user's session cookie.

CVE-2020-18458 damicms vulnerability CVSS: 6.0 12 Aug 2021, 19:15 UTC

Cross Site Request Forgery (CSRF) vulnerability exists in DamiCMS v6.0.6 that can add an admin account via admin.php?s=/Admin/doadd.

CVE-2020-18451 damicms vulnerability CVSS: 3.5 12 Aug 2021, 18:15 UTC

Cross Site Scripting (XSS) vulnerability exists in DamiCMS v6.0.6 via the title parameter in the doadd function in LabelAction.class.php.

CVE-2018-14831 damicms vulnerability CVSS: 4.0 10 Jul 2019, 15:15 UTC

An arbitrary file read vulnerability in DamiCMS v6.0.0 allows remote authenticated administrators to read any files in the server via a crafted /admin.php?s=Tpl/Add/id/ URI.

CVE-2018-20571 damicms vulnerability CVSS: 5.0 28 Dec 2018, 16:29 UTC

DamiCMS 6.0.1 allows remote attackers to read arbitrary files via a crafted admin.php?s=Tpl/Add/id request, as demonstrated by admin.php?s=Tpl/Add/id/.\Public\Config\config.ini.php to read the global configuration file.

CVE-2018-16331 damicms vulnerability CVSS: 6.8 02 Sep 2018, 03:29 UTC

admin.php?s=/Admin/doedit in DamiCMS v6.0.0 allows CSRF to change the administrator account's password.

CVE-2018-16239 damicms vulnerability CVSS: 5.0 30 Aug 2018, 22:29 UTC

An issue was discovered in damiCMS V6.0.1. It relies on the PHP time() function for cookies, which makes it possible to determine the cookie for an existing admin session via 10800 guesses.

CVE-2018-16238 damicms vulnerability CVSS: 6.5 30 Aug 2018, 22:29 UTC

An issue was discovered in damiCMS V6.0.1. Remote code execution can occur via PHP code in a multipart/form-data POST to the admin.php?s=/Tpl/Update.html URI. For example, this can update the Web/Tpl/default/head.html file.

CVE-2018-16237 damicms vulnerability CVSS: 4.0 30 Aug 2018, 22:29 UTC

An issue was discovered in damiCMS V6.0.1. There is Directory Traversal via '|' characters in the s parameter to admin.php, as demonstrated by an admin.php?s=Tpl/Add/id/c:|windows|win.ini URI.

CVE-2018-15844 damicms vulnerability CVSS: 6.8 25 Aug 2018, 21:29 UTC

An issue was discovered in DamiCMS 6.0.0. There is a CSRF vulnerability that can revise the administrator account's password via /admin.php?s=/Admin/doedit.

CVE-2018-13031 damicms vulnerability CVSS: 6.8 05 Jul 2018, 20:29 UTC

DamiCMS v6.0.0 and 6.1.0 allows CSRF via admin.php?s=/Admin/doadd to add an administrator account.