Vulnerabilities > Damicms
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-12-27 | CVE-2020-21236 | Cross-Site Request Forgery (CSRF) vulnerability in Damicms 6.0.0: A vulnerability in /damicms-master/admin.php?s=/Article/doedit of DamiCMS v6.0 allows attackers to compromise and impersonate user accounts via obtaining a user's session cookie. | 8.8 |
2021-08-12 | CVE-2020-18458 | Cross-Site Request Forgery (CSRF) vulnerability in Damicms 6.0.6: Cross Site Request Forgery (CSRF) vulnerability exists in DamiCMS v6.0.6 that can add an admin account via admin.php?s=/Admin/doadd. | 8.0 |
2021-08-12 | CVE-2020-18451 | Cross-site Scripting vulnerability in Damicms 6.0.6: Cross Site Scripting (XSS) vulnerability exists in DamiCMS v6.0.6 via the title parameter in the doadd function in LabelAction.class.php. | 4.8 |
2019-07-10 | CVE-2018-14831 | Information Exposure vulnerability in Damicms 6.0.0: An arbitrary file read vulnerability in DamiCMS v6.0.0 allows remote authenticated administrators to read any files in the server via a crafted /admin.php?s=Tpl/Add/id/ URI. | 4.9 |
2018-12-28 | CVE-2018-20571 | Information Exposure vulnerability in Damicms 6.0.1: DamiCMS 6.0.1 allows remote attackers to read arbitrary files via a crafted admin.php?s=Tpl/Add/id request, as demonstrated by admin.php?s=Tpl/Add/id/.\Public\Config\config.ini.php to read the global configuration file. | 7.5 |
2018-09-02 | CVE-2018-16331 | Cross-Site Request Forgery (CSRF) vulnerability in Damicms 6.0.0: admin.php?s=/Admin/doedit in DamiCMS v6.0.0 allows CSRF to change the administrator account's password. | 8.8 |
2018-08-30 | CVE-2018-16239 | Use of Insufficiently Random Values vulnerability in Damicms 6.0.1: An issue was discovered in damiCMS V6.0.1. | 9.8 |
2018-08-30 | CVE-2018-16238 | Improper Input Validation vulnerability in Damicms 6.0.1: An issue was discovered in damiCMS V6.0.1. | 7.2 |
2018-08-30 | CVE-2018-16237 | Path Traversal vulnerability in Damicms 6.0.1: An issue was discovered in damiCMS V6.0.1. | 2.7 |
2018-08-25 | CVE-2018-15844 | Cross-Site Request Forgery (CSRF) vulnerability in Damicms 6.0.0: An issue was discovered in DamiCMS 6.0.0. | 8.8 |