Every CVE whose affected-product data names Chadhaajay Phpkb, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (119)
CVE-2020-10478 — CVSS 8.8 (high): CSRF in admin/manage-settings.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to change the global settings, potentially…
CVE-2020-11579 — CVSS 7.5 (high): An issue was discovered in Chadha PHPKB 9.0 Enterprise Edition. installer/test-connection.php (part of the installation process) allows a…
CVE-2020-10390 — CVSS 7.2 (high): OS Command Injection in export.php (vulnerable function called from include/functions-article.php) in Chadha PHPKB Standard Multi-Language…
CVE-2020-10386 — CVSS 7.2 (high): admin/imagepaster/image-upload.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by uploading…
CVE-2020-10389 — CVSS 7.2 (high): admin/save-settings.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by injecting PHP code…
CVE-2020-10458 — CVSS 6.5 (medium): Path Traversal in admin/imagepaster/operations.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete any folder on the…
CVE-2020-10501 — CVSS 6.5 (medium): CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a department, given the id, via a…
CVE-2020-10498 — CVSS 6.5 (medium): CSRF in admin/edit-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a category, given the id, via a crafted…
CVE-2020-10497 — CVSS 6.5 (medium): CSRF in admin/manage-categories.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a category via a crafted request.
CVE-2020-10461 — CVSS 6.1 (medium): The way comments in article.php (vulnerable function in include/functions-article.php) are handled in Chadha PHPKB Standard Multi-Language…
CVE-2020-10388 — CVSS 5.4 (medium): The way the Referer header in article.php is handled in Chadha PHPKB Standard Multi-Language 9 allows attackers to execute Stored (Blind)…
CVE-2020-10460 — CVSS 4.9 (medium): admin/include/operations.php (via admin/email-harvester.php) in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject untrusted…
CVE-2020-10387 — CVSS 4.9 (medium): Path Traversal in admin/download.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to download files from the server…
CVE-2020-10403 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10404 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10405 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10406 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10407 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10408 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10409 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10410 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10411 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10412 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10413 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10414 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10415 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10416 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10417 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10418 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10419 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10420 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10421 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10422 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10423 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10424 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10425 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10426 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10427 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10428 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10429 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10430 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10431 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10432 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10433 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10434 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10435 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10436 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10437 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10438 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10439 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10440 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10441 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10442 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10443 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10444 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10445 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10446 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10447 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10448 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10449 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10450 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10451 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10452 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10453 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10454 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10455 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10456 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10462 — CVSS 4.8 (medium): Reflected XSS in admin/edit-field.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via…
CVE-2020-10463 — CVSS 4.8 (medium): Reflected XSS in admin/edit-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML…
CVE-2020-10464 — CVSS 4.8 (medium): Reflected XSS in admin/edit-article.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML…
CVE-2020-10465 — CVSS 4.8 (medium): Reflected XSS in admin/edit-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML…
CVE-2020-10466 — CVSS 4.8 (medium): Reflected XSS in admin/edit-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML…
CVE-2020-10467 — CVSS 4.8 (medium): Reflected XSS in admin/edit-comment.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML…
CVE-2020-10468 — CVSS 4.8 (medium): Reflected XSS in admin/edit-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via…
CVE-2020-10469 — CVSS 4.8 (medium): Reflected XSS in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or…
CVE-2020-10470 — CVSS 4.8 (medium): Reflected XSS in admin/manage-fields.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML…
CVE-2020-10472 — CVSS 4.8 (medium): Reflected XSS in admin/manage-templates.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or…
CVE-2020-10473 — CVSS 4.8 (medium): Reflected XSS in admin/manage-categories.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or…
CVE-2020-10474 — CVSS 4.8 (medium): Reflected XSS in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or…
CVE-2020-10475 — CVSS 4.8 (medium): Reflected XSS in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML…
CVE-2020-10476 — CVSS 4.8 (medium): Reflected XSS in admin/manage-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or…
CVE-2020-10477 — CVSS 4.8 (medium): Reflected XSS in admin/manage-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML…
CVE-2020-10391 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10392 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10393 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10394 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10395 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10396 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10397 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10398 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10399 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10400 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10401 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10402 — CVSS 4.8 (medium): The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script…
CVE-2020-10481 — CVSS 4.3 (medium): CSRF in admin/add-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new glossary term via a crafted request.
CVE-2020-10482 — CVSS 4.3 (medium): CSRF in admin/add-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new article template via a crafted…
CVE-2020-10483 — CVSS 4.3 (medium): CSRF in admin/ajax-hub.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to post a comment on any article via a crafted…
CVE-2020-10484 — CVSS 4.3 (medium): CSRF in admin/add-field.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to create a custom field via a crafted request.
CVE-2020-10485 — CVSS 4.3 (medium): CSRF in admin/manage-articles.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete an article via a crafted request.
CVE-2020-10486 — CVSS 4.3 (medium): CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a comment via a crafted request.
CVE-2020-10487 — CVSS 4.3 (medium): CSRF in admin/manage-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a glossary term via a crafted…
CVE-2020-10488 — CVSS 4.3 (medium): CSRF in admin/manage-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a news article via a crafted request.
CVE-2020-10489 — CVSS 4.3 (medium): CSRF in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a ticket via a crafted request.
CVE-2020-10490 — CVSS 4.3 (medium): CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a department via a crafted…
CVE-2020-10491 — CVSS 4.3 (medium): CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a department via a crafted request.
CVE-2020-10492 — CVSS 4.3 (medium): CSRF in admin/manage-templates.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete an article template via a crafted…
CVE-2020-10493 — CVSS 4.3 (medium): CSRF in admin/edit-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a glossary term, given the id, via a…
CVE-2020-10494 — CVSS 4.3 (medium): CSRF in admin/edit-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a news article, given the id, via a crafted…
CVE-2020-10495 — CVSS 4.3 (medium): CSRF in admin/edit-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit an article template, given the id, via a…
CVE-2020-10496 — CVSS 4.3 (medium): CSRF in admin/edit-article.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit an article, given the id, via a crafted…
CVE-2020-10480 — CVSS 4.3 (medium): CSRF in admin/add-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new category via a crafted request.
CVE-2020-10479 — CVSS 4.3 (medium): CSRF in admin/add-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new news article via a crafted request.
CVE-2020-10499 — CVSS 4.3 (medium): CSRF in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to close any ticket, given the id, via a…
CVE-2020-10500 — CVSS 4.3 (medium): CSRF in admin/reply-ticket.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to reply to any ticket, given the id, via a…
CVE-2020-10503 — CVSS 4.3 (medium): CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to disapprove any comment, given the id, via a…
CVE-2020-10504 — CVSS 4.3 (medium): CSRF in admin/edit-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a comment, given the id, via a crafted…
CVE-2020-10502 — CVSS 4.3 (medium): CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to approve any comment, given the id, via a…
CVE-2020-10459 — CVSS 2.7 (low): Path Traversal in admin/assetmanager/assetmanager.php (vulnerable function saved in admin/assetmanager/functions.php) in Chadha PHPKB…
CVE-2020-10457 — CVSS 2.7 (low): Path Traversal in admin/imagepaster/image-renaming.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to rename any file on the…