彙總 damicms 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
已披露問題常與 路徑處理缺陷、跨站腳本與輸入驗證問題 相關,可能在 生產負載與軟體部署 場景中帶來 異常行為與工作階段劫持 等暴露風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2020-21236 | A vulnerability in /damicms-master/admin.php?s=/Article/doedit of DamiCMS v6.0 allows attackers to compromise and impersonate user accounts via obtaining a user's session cookie. | [email protected] | 8.8 | 0.54% | 2021-12-27 | 2026-06-16 |
| CVE-2020-18458 | Cross Site Request Forgery (CSRF) vulnerability exists in DamiCMS v6.0.6 that can add an admin account via admin.php?s=/Admin/doadd. | [email protected] | 8.0 | 0.46% | 2021-08-12 | 2026-06-16 |
| CVE-2020-18451 | Cross Site Scripting (XSS) vulnerability exists in DamiCMS v6.0.6 via the title parameter in the doadd function in LabelAction.class.php. | [email protected] | 4.8 | 0.53% | 2021-08-12 | 2026-06-16 |
| CVE-2018-14831 | An arbitrary file read vulnerability in DamiCMS v6.0.0 allows remote authenticated administrators to read any files in the server via a crafted /admin.php?s=Tpl/Add/id/ URI. | [email protected] | 4.9 | 1.59% | 2019-07-10 | 2026-06-16 |
| CVE-2018-20571 | DamiCMS 6.0.1 allows remote attackers to read arbitrary files via a crafted admin.php?s=Tpl/Add/id request, as demonstrated by admin.php?s=Tpl/Add/id/.\Public\Config\config.ini.php to read the global configuration file. | [email protected] | 7.5 | 1.37% | 2018-12-28 | 2026-06-16 |
| CVE-2018-16331 | admin.php?s=/Admin/doedit in DamiCMS v6.0.0 allows CSRF to change the administrator account's password. | [email protected] | 8.8 | 0.52% | 2018-09-01 | 2026-06-16 |
| CVE-2018-16239 | An issue was discovered in damiCMS V6.0.1. It relies on the PHP time() function for cookies, which makes it possible to determine the cookie for an existing admin session via 10800 guesses. | [email protected] | 9.8 | 1.23% | 2018-08-30 | 2026-06-16 |
| CVE-2018-16238 | An issue was discovered in damiCMS V6.0.1. Remote code execution can occur via PHP code in a multipart/form-data POST to the admin.php?s=/Tpl/Update.html URI. For example, this can update the Web/Tpl/default/head.html file. | [email protected] | 7.2 | 2.15% | 2018-08-30 | 2026-06-16 |
| CVE-2018-16237 | An issue was discovered in damiCMS V6.0.1. There is Directory Traversal via '|' characters in the s parameter to admin.php, as demonstrated by an admin.php?s=Tpl/Add/id/c:|windows|win.ini URI. | [email protected] | 2.7 | 1.18% | 2018-08-30 | 2026-06-16 |
| CVE-2018-15844 | An issue was discovered in DamiCMS 6.0.0. There is an CSRF vulnerability that can revise the administrator account's password via /admin.php?s=/Admin/doedit. | [email protected] | 8.8 | 2.47% | 2018-08-25 | 2026-06-16 |
| CVE-2018-13031 | DamiCMS v6.0.0 aand 6.1.0 allows CSRF via admin.php?s=/Admin/doadd to add an administrator account. | [email protected] | 8.8 | 1.09% | 2018-07-05 | 2026-06-16 |