Vulnerabilities > CVE-2020-19891 - Out-of-bounds Write vulnerability in Dbhcms Project Dbhcms 1.2.0

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

dbhcms-project

CWE-787

NVD

Published: 2020-08-24

Updated: 2020-08-25

Summary

DBHcms v1.2.0 has an Arbitrary file write vulnerability in dbhcms\mod\mod.editor.php $_POST['updatefile'] is filename and $_POST['tinymce_content'] is file content, there is no filter function for security. A remote authenticated admin user can exploit this vulnerability to get a webshell.

Vulnerable Configurations

Part	Description	Count
Application	Dbhcms_Project Dbhcms Project Dbhcms 1.2.0	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://github.com/fragrant10/cve/tree/master/dbhcms1.2.0#14