Antonio Cannito - Security Researcher - Exploit Intelligence Platform

CVE-2020-10389 EXPLOITDB HIGH python WORKING POC

Chadha PHPKB Standard Multi-Language 9 - Authenticated Remote Code Execution via Global Settings POST Parameters

admin/save-settings.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by injecting PHP code into any POST parameter when saving global settings.

CVSS 7.2

View Code

CVE-2020-10386 EXPLOITDB HIGH python WORKING POC

Chadha PHPKB Standard Multi-Language 9 - Unauthenticated Remote Code Execution via Image Upload

admin/imagepaster/image-upload.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by uploading a .php file in the admin/js/ directory.

CVSS 7.2

View Code

CVE-2020-10387 EXPLOITDB MEDIUM python WORKING POC

Chadha PHPKB Standard Multi-Language 9 - Authenticated Path Traversal via Download Parameter

Path Traversal in admin/download.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to download files from the server using a dot-dot-slash sequence (../) via the GET parameter file.

CVSS 4.9

View Code