Vulnerabilities > Damicms > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-12-27 | CVE-2020-21236 | Cross-Site Request Forgery (CSRF) vulnerability in Damicms 6.0.0. A vulnerability in /damicms-master/admin.php?s=/Article/doedit of DamiCMS v6.0 allows attackers to compromise and impersonate user accounts via obtaining a user's session cookie. | 8.8 |
2021-08-12 | CVE-2020-18458 | Cross-Site Request Forgery (CSRF) vulnerability in Damicms 6.0.6. Cross Site Request Forgery (CSRF) vulnerability exists in DamiCMS v6.0.6 that can add an admin account via admin.php?s=/Admin/doadd. | 8.0 |
2018-12-28 | CVE-2018-20571 | Information Exposure vulnerability in Damicms 6.0.1. DamiCMS 6.0.1 allows remote attackers to read arbitrary files via a crafted admin.php?s=Tpl/Add/id request, as demonstrated by admin.php?s=Tpl/Add/id/.\Public\Config\config.ini.php to read the global configuration file. | 7.5 |
2018-09-02 | CVE-2018-16331 | Cross-Site Request Forgery (CSRF) vulnerability in Damicms 6.0.0. admin.php?s=/Admin/doedit in DamiCMS v6.0.0 allows CSRF to change the administrator account's password. | 8.8 |
2018-08-30 | CVE-2018-16238 | Improper Input Validation vulnerability in Damicms 6.0.1. An issue was discovered in damiCMS V6.0.1. | 7.2 |
2018-08-25 | CVE-2018-15844 | Cross-Site Request Forgery (CSRF) vulnerability in Damicms 6.0.0. An issue was discovered in DamiCMS 6.0.0. | 8.8 |
2018-07-05 | CVE-2018-13031 | Cross-Site Request Forgery (CSRF) vulnerability in Damicms 6.0.0. DamiCMS v6.0.0 and 6.1.0 allows CSRF via admin.php?s=/Admin/doadd to add an administrator account. | 8.8 |