PT-2020-12148 · Chadha · Phpkb Standard Multi-Language
Published
2020-03-12
·
Updated
2022-09-12
·
CVE-2020-10478
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Chadha PHPKB Standard Multi-Language version 9
Description
The issue allows attackers to change global settings, potentially leading to code execution or a denial of service, by sending a crafted request to the
admin/manage-settings.php endpoint.Recommendations
For version 9, update to a version that includes a fix for this issue to prevent potential code execution or denial of service.
Exploit
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Phpkb Standard Multi-Language