CVEFinder.io

CVE-2020-10389

⚠️ high
Summary

admin/save-settings.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by injecting PHP code into any POST parameter when saving global settings.

CVSS Score: 7.2 (High)
EPSS Score: 9.0 (Exploit Probability)
Published Date: 2020-03-12
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is Moderate Risk - more severe than 55.5% of all 325,576 vulnerabilities in our database.

#144,832
Above average severity
Severity Percentile
Last Modified 2024-11-21
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE IDs (Weakness Types)

📦 Affected Products 1

🔗 References 4

http://antoniocannito.it/?p=137#rce2
Exploit Third Party Advisory
http://packetstormsecurity.com/files/156751/PHPKB-Mu...
Exploit Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/48219
Exploit Third Party Advisory VDB Entry

🔗 Related CVEs 6

| CVE ID | Severity | CVSS | EPSS | Summary | Published |
|---|---|---|---|---|---|
| CVE-2020-11579 | ⚠️ high | 7.5 | 36.7 | An issue was discovered in Chadha PHPKB 9.0 Enterprise Edition. installer/test-connection.php (part of the installation ... | 2020-09-03 |
| CVE-2020-10386 | ⚠️ high | 7.2 | 18.7 | admin/imagepaster/image-upload.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Exe... | 2020-03-12 |
| CVE-2020-10387 | 🔶 medium | 4.9 | 12.8 | Path Traversal in admin/download.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to download files... | 2020-03-12 |
| CVE-2020-10388 | 🔶 medium | 5.4 | 0.3 | The way the Referer header in article.php is handled in Chadha PHPKB Standard Multi-Language 9 allows attackers to execu... | 2020-03-12 |
| CVE-2020-10390 | ⚠️ high | 7.2 | 4.7 | OS Command Injection in export.php (vulnerable function called from include/functions-article.php) in Chadha PHPKB Stand... | 2020-03-12 |
| CVE-2020-10391 | 🔶 medium | 4.8 | 0.3 | The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting a... | 2020-03-12 |
These CVEs affect the same products