PT-2020-12059 · Chadha · Chadha Phpkb Standard Multi-Language

Antonio Cannito

Published

2020-03-12

Updated

2022-04-18

CVE-2020-10389

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Chadha PHPKB Standard Multi-Language version 9

Description The issue allows remote attackers to achieve code execution by injecting PHP code into any POST parameter when saving global settings.

Recommendations For Chadha PHPKB Standard Multi-Language version 9, consider validating and sanitizing all POST parameters in the admin/save-settings.php file to prevent PHP code injection. As a temporary workaround, restrict access to the admin/save-settings.php file until a patch is available.

Exploit

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2020-10389

Affected Products

Chadha Phpkb Standard Multi-Language

PT-2020-12059 · Chadha · Chadha Phpkb Standard Multi-Language

CVE-2020-10389

Weakness Enumeration

Related Identifiers

Affected Products

References · 6