Skip to main content

Damicms

7 CVEs product

Monthly

CVE-2018-20571 HIGH This Week

DamiCMS 6.0.1 allows remote attackers to read arbitrary files via a crafted admin.php?s=Tpl/Add/id request, as demonstrated by admin.php?s=Tpl/Add/id/.\Public\Config\config.ini.php to read the global. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Damicms
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-16331 HIGH POC This Week

admin.php?s=/Admin/doedit in DamiCMS v6.0.0 allows CSRF to change the administrator account's password. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Damicms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-16239 CRITICAL POC Act Now

An issue was discovered in damiCMS V6.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Damicms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-16238 HIGH POC This Week

An issue was discovered in damiCMS V6.0.1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Damicms
NVD GitHub
CVSS 3.0
7.2
EPSS
2.2%
CVE-2018-16237 LOW POC Monitor

An issue was discovered in damiCMS V6.0.1. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Path Traversal PHP Damicms
NVD GitHub
CVSS 3.0
2.7
EPSS
1.2%
CVE-2018-15844 HIGH POC This Week

An issue was discovered in DamiCMS 6.0.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Damicms
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
2.5%
CVE-2018-13031 HIGH POC This Week

DamiCMS v6.0.0 aand 6.1.0 allows CSRF via admin.php?s=/Admin/doadd to add an administrator account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Damicms
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
1.1%
EPSS 1% CVSS 7.5
HIGH This Week

DamiCMS 6.0.1 allows remote attackers to read arbitrary files via a crafted admin.php?s=Tpl/Add/id request, as demonstrated by admin.php?s=Tpl/Add/id/.\Public\Config\config.ini.php to read the global. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Damicms
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

admin.php?s=/Admin/doedit in DamiCMS v6.0.0 allows CSRF to change the administrator account's password. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Damicms
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered in damiCMS V6.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Damicms
NVD GitHub
EPSS 2% CVSS 7.2
HIGH POC This Week

An issue was discovered in damiCMS V6.0.1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Damicms
NVD GitHub
EPSS 1% CVSS 2.7
LOW POC Monitor

An issue was discovered in damiCMS V6.0.1. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Path Traversal PHP +1
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

An issue was discovered in DamiCMS 6.0.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Damicms
NVD GitHub Exploit-DB
EPSS 1% CVSS 8.8
HIGH POC This Week

DamiCMS v6.0.0 aand 6.1.0 allows CSRF via admin.php?s=/Admin/doadd to add an administrator account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Damicms
NVD GitHub Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy