PT-2020-12060 · Chadha+1 · Chadha Phpkb Standard Multi-Language+1

Published: 2020-03-12 · Updated: 2022-08-19 · CVE-2020-10390

CVSS v3.1: 7.2 High

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Chadha PHPKB Standard Multi-Language version 9

Description: The issue allows remote attackers to achieve code execution by saving the code to be executed as the wkhtmltopdf path via the admin/save-settings.php endpoint. This is made possible through an OS command injection vulnerability in the export.php file, which calls a vulnerable function from include/functions-article.php.

Recommendations: For Chadha PHPKB Standard Multi-Language version 9, consider disabling the export.php function until a patch is available to prevent code execution. Restrict access to the admin/save-settings.php endpoint to minimize the risk of exploitation. Avoid using the wkhtmltopdf path in the affected settings until the issue is resolved.
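
One way to harden the pattern described above, as an added example that is not PHPKB's code: validate the configured wkhtmltopdf path before it is stored or used, and start the binary without a shell. The function names, the allowed-directory list, the Unix-like host and the argument layout are assumptions; the array form of proc_open needs PHP 7.4 or later.

```php
<?php
declare(strict_types=1);

// Assumption: directories where the site admin installs the binary.
const ALLOWED_BIN_DIRS = ['/usr/bin', '/usr/local/bin'];

// Returns the canonical path when $input names an executable wkhtmltopdf
// binary inside an allowed directory, otherwise null.
function validate_wkhtmltopdf_path(string $input): ?string
{
    // Plain absolute path only: no spaces, quotes or shell metacharacters.
    if (!preg_match('#^/[A-Za-z0-9._/-]+\z#', $input)) {
        return null;
    }
    $real = realpath($input); // resolves symlinks and ".." segments
    if ($real === false || !is_file($real) || !is_executable($real)) {
        return null;
    }
    if (basename($real) !== 'wkhtmltopdf') {
        return null;
    }
    return in_array(dirname($real), ALLOWED_BIN_DIRS, true) ? $real : null;
}

// Runs the binary with an argument vector, so no shell parses any value.
function render_pdf(string $binary, string $htmlFile, string $pdfFile): int
{
    $bin = validate_wkhtmltopdf_path($binary);
    // File arguments that are empty or start with "-" could be read as options.
    if ($bin === null || ($htmlFile[0] ?? '-') === '-' || ($pdfFile[0] ?? '-') === '-') {
        throw new InvalidArgumentException('wkhtmltopdf path or file rejected');
    }
    $null = ['file', '/dev/null', 'w'];
    // Array command form (PHP >= 7.4) executes the program directly.
    $proc = proc_open([$bin, $htmlFile, $pdfFile], [1 => $null, 2 => $null], $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start wkhtmltopdf');
    }
    return proc_close($proc); // exit status of wkhtmltopdf
}

// Constructed sample values, as a settings form might submit them.
$samples = ['/usr/bin/wkhtmltopdf', '/usr/bin/wkhtmltopdf --version', '/tmp/wkhtmltopdf'];
foreach ($samples as $candidate) {
    $result = validate_wkhtmltopdf_path($candidate) ?? 'rejected';
    printf("%-32s => %s\n", $candidate, $result);
}
```

Running the check both when the setting is saved and again at export time means a value that reached the settings store by another route is still rejected before it is executed.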

Exploit

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers: CVE-2020-10390

Affected Products: Chadha Phpkb Standard Multi-Language, Wkhtmltopdf