Headline
CVE-2020-10390: Home
OS Command Injection in export.php (vulnerable function called from include/functions-article.php) in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by saving the code to be executed as the wkhtmltopdf path via admin/save-settings.php.
March 19, 2019
Analyzing PHPKB v9: Part one
The first part of a series where I will talk about vulnerabilities found in a knowledge-base software written in PHP. Vulnerabilities analyzed: Arbitrary File Download, Remote Code Execution, Blind Cross-Site Scripting, Arbitrary File Renaming, Arbitrary Folder Deletion, CSV Injection, Arbitrary File Listing.