Damicms

damicms

Vendor: Damicms • 11 CVEs

CVEs (11)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-21236 1Damicms 1Damicms Jun 17, 2026 Dec 27, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A vulnerability in /damicms-master/admin.php?s=/Article/doedit of DamiCMS v6.0 allows attackers to compromise and impersonate user accounts via obtaining a user's session cookie.
CVE-2020-18458 1Damicms 1Damicms Jun 17, 2026 Aug 12, 2021 N/A· v4 8.0 HIGH· v3 6.0 MEDIUM· v2 Cross Site Request Forgery (CSRF) vulnerability exists in DamiCMS v6.0.6 that can add an admin account via admin.php?s=/Admin/doadd.
CVE-2020-18451 1Damicms 1Damicms Jun 17, 2026 Aug 12, 2021 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 Cross Site Scripting (XSS) vulnerability exists in DamiCMS v6.0.6 via the title parameter in the doadd function in LabelAction.class.php.
CVE-2018-14831 1Damicms 1Damicms Nov 21, 2024 Jul 10, 2019 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 An arbitrary file read vulnerability in DamiCMS v6.0.0 allows remote authenticated administrators to read any files in the server via a crafted /admin.php?s=Tpl/Add/id/ URI.
CVE-2018-20571 1Damicms 1Damicms Nov 21, 2024 Dec 28, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 DamiCMS 6.0.1 allows remote attackers to read arbitrary files via a crafted admin.php?s=Tpl/Add/id request, as demonstrated by admin.php?s=Tpl/Add/id/.\Public\Config\config.ini.php to read the global configuration file.
CVE-2018-16331 1Damicms 1Damicms Nov 21, 2024 Sep 2, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 admin.php?s=/Admin/doedit in DamiCMS v6.0.0 allows CSRF to change the administrator account's password.
CVE-2018-16239 1Damicms 1Damicms Nov 21, 2024 Aug 30, 2018 N/A· v4 9.8 CRITICAL· v3 5.0 MEDIUM· v2 An issue was discovered in damiCMS V6.0.1. It relies on the PHP time() function for cookies, which makes it possible to determine the cookie for an existing admin session via 10800 guesses.
CVE-2018-16238 1Damicms 1Damicms Nov 21, 2024 Aug 30, 2018 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 An issue was discovered in damiCMS V6.0.1. Remote code execution can occur via PHP code in a multipart/form-data POST to the admin.php?s=/Tpl/Update.html URI. For example, this can update the Web/Tpl/default/head.html fi...Show more An issue was discovered in damiCMS V6.0.1. Remote code execution can occur via PHP code in a multipart/form-data POST to the admin.php?s=/Tpl/Update.html URI. For example, this can update the Web/Tpl/default/head.html file.Show less
CVE-2018-16237 1Damicms 1Damicms Nov 21, 2024 Aug 30, 2018 N/A· v4 2.7 LOW· v3 4.0 MEDIUM· v2 An issue was discovered in damiCMS V6.0.1. There is Directory Traversal via '\|' characters in the s parameter to admin.php, as demonstrated by an admin.php?s=Tpl/Add/id/c:\|windows\|win.ini URI.
CVE-2018-15844 1Damicms 1Damicms Nov 21, 2024 Aug 25, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in DamiCMS 6.0.0. There is an CSRF vulnerability that can revise the administrator account's password via /admin.php?s=/Admin/doedit.
CVE-2018-13031 1Damicms 1Damicms Nov 21, 2024 Jul 5, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 DamiCMS v6.0.0 aand 6.1.0 allows CSRF via admin.php?s=/Admin/doadd to add an administrator account.