Vulnerabilities > Chadhaajay > Phpkb > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-03 | CVE-2020-11579 | Missing Authentication for Critical Function vulnerability in Chadhaajay PHPkb 9.0 An issue was discovered in Chadha PHPKB 9.0 Enterprise Edition. | 7.5 |
| 2020-03-12 | CVE-2020-10478 | Cross-Site Request Forgery (CSRF) vulnerability in Chadhaajay PHPkb 9.0 CSRF in admin/manage-settings.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to change the global settings, potentially gaining code execution or causing a denial of service, via a crafted request. | 8.8 |
| 2020-03-12 | CVE-2020-10390 | OS Command Injection vulnerability in Chadhaajay PHPkb 9.0 OS Command Injection in export.php (vulnerable function called from include/functions-article.php) in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by saving the code to be executed as the wkhtmltopdf path via admin/save-settings.php. | 7.2 |
| 2020-03-12 | CVE-2020-10389 | Code Injection vulnerability in Chadhaajay PHPkb 9.0 admin/save-settings.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by injecting PHP code into any POST parameter when saving global settings. | 7.2 |
| 2020-03-12 | CVE-2020-10386 | Unrestricted Upload of File with Dangerous Type vulnerability in Chadhaajay PHPkb 9.0 admin/imagepaster/image-upload.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by uploading a .php file in the admin/js/ directory. | 7.2 |