DamiCMS 6.0.0 Security Vulnerabilities
A vulnerability in /damicms-master/admin.php?s=/Article/doedit of DamiCMS v6.0 allows attackers to compromise and impersonate user accounts by obtaining a user's session cookie.
CVSS Score: 8.8
EPSS Score: 0.002
Published: 2021-12-27
An arbitrary file read vulnerability in DamiCMS v6.0.0 allows remote authenticated administrators to read any file on the server via a crafted /admin.php?s=Tpl/Add/id/ URI.
CVSS Score: 4.9
EPSS Score: 0.003
Published: 2019-07-10
admin.php?s=/Admin/doedit in DamiCMS v6.0.0 allows CSRF to change the administrator account's password.
CVSS Score: 8.8
EPSS Score: 0.001
Published: 2018-09-02
An issue was discovered in DamiCMS 6.0.0. There is a CSRF vulnerability that can revise the administrator account's password via /admin.php?s=/Admin/doedit.
CVSS Score: 8.8
EPSS Score: 0.004
Published: 2018-08-25
DamiCMS v6.0.0 and 6.1.0 allow CSRF via admin.php?s=/Admin/doadd to add an administrator account.
CVSS Score: 8.8
EPSS Score: 0.003
Published: 2018-07-05

