Vulnerabilities > Damicms > Damicms > 6.0.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-27 | CVE-2020-21236 | Cross-Site Request Forgery (CSRF) vulnerability in Damicms 6.0.0 A vulnerability in /damicms-master/admin.php?s=/Article/doedit of DamiCMS v6.0 allows attackers to compromise and impersonate user accounts via obtaining a user's session cookie. | 6.8 |
| 2019-07-10 | CVE-2018-14831 | Information Exposure vulnerability in Damicms 6.0.0 An arbitrary file read vulnerability in DamiCMS v6.0.0 allows remote authenticated administrators to read any files in the server via a crafted /admin.php?s=Tpl/Add/id/ URI. | 4.0 |
| 2018-09-02 | CVE-2018-16331 | Cross-Site Request Forgery (CSRF) vulnerability in Damicms 6.0.0 admin.php?s=/Admin/doedit in DamiCMS v6.0.0 allows CSRF to change the administrator account's password. | 6.8 |
| 2018-08-25 | CVE-2018-15844 | Cross-Site Request Forgery (CSRF) vulnerability in Damicms 6.0.0 An issue was discovered in DamiCMS 6.0.0. | 6.8 |
| 2018-07-05 | CVE-2018-13031 | Cross-Site Request Forgery (CSRF) vulnerability in Damicms 6.0.0 DamiCMS v6.0.0 aand 6.1.0 allows CSRF via admin.php?s=/Admin/doadd to add an administrator account. | 6.8 |