AutismJH/damicms

Releases0

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2020-18458 ↗	Aug 12, 2021Thursday, 12 August 2021, 19:15	8 HIGH	6 MEDIUM
Cross Site Request Forgery (CSRF) vulnerability exists in DamiCMS v6.0.6 that can add an admin account via admin.php?s=/Admin/doadd.
CVE-2020-18451 ↗	Aug 12, 2021Thursday, 12 August 2021, 18:15	4.8 MEDIUM	3.5 LOW
Cross Site Scripting (XSS) vulnerability exists in DamiCMS v6.0.6 via the title parameter in the doadd function in LabelAction.class.php.
CVE-2018-20571 ↗	Dec 28, 2018Friday, 28 December 2018, 16:29	—	5 MEDIUM
DamiCMS 6.0.1 allows remote attackers to read arbitrary files via a crafted admin.php?s=Tpl/Add/id request, as demonstrated by admin.php?s=Tpl/Add/id/.\Public\Config\config.ini.php to read the global configuration file.
CVE-2018-13031 ↗	Jul 5, 2018Thursday, 5 July 2018, 20:29	—	6.8 MEDIUM
DamiCMS v6.0.0 aand 6.1.0 allows CSRF via admin.php?s=/Admin/doadd to add an administrator account.