Vulnerabilities > CVE-2020-19890 - Missing Authorization vulnerability in Dbhcms Project Dbhcms 1.2.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
HIGH Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
DBHcms v1.2.0 has an Arbitrary file read vulnerability in dbhcms\mod\mod.editor.php $_GET['file'] is filename,and as there is no filter function for security, you can read any file's content.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |