PT-2020-12152 · Chadha · Chadha Phpkb Standard Multi-Language
Published
2020-03-12
·
Updated
2022-09-12
·
CVE-2020-10482
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Chadha PHPKB Standard Multi-Language version 9
Description
The issue allows attackers to add a new article template via a crafted request to the "admin/add-template.php" endpoint. This is made possible by a CSRF weakness.
Recommendations
For Chadha PHPKB Standard Multi-Language version 9, consider implementing proper CSRF protection mechanisms, such as token-based validation, to prevent unauthorized requests to the "admin/add-template.php" endpoint. As a temporary workaround, restrict access to this endpoint to minimize the risk of exploitation.
Exploit
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Chadha Phpkb Standard Multi-Language