Vulnerabilities > Dbhcms Project

DATE CVE VULNERABILITY TITLE RISK
2020-08-24 CVE-2020-19891 Out-of-bounds Write vulnerability in Dbhcms Project Dbhcms 1.2.0
DBHcms v1.2.0 has an Arbitrary file write vulnerability in dbhcms\mod\mod.editor.php $_POST['updatefile'] is filename and $_POST['tinymce_content'] is file content, there is no filter function for security.
network
low complexity
dbhcms-project CWE-787
7.2
2020-08-24 CVE-2020-19890 Missing Authorization vulnerability in Dbhcms Project Dbhcms 1.2.0
DBHcms v1.2.0 has an Arbitrary file read vulnerability in dbhcms\mod\mod.editor.php $_GET['file'] is filename,and as there is no filter function for security, you can read any file's content.
network
low complexity
dbhcms-project CWE-862
4.9
2020-08-24 CVE-2020-19889 Cross-Site Request Forgery (CSRF) vulnerability in Dbhcms Project Dbhcms 1.2.0
DBHcms v1.2.0 has no CSRF protection mechanism,as demonstrated by CSRF for index.php?dbhcms_pid=-70 can add a user.
network
low complexity
dbhcms-project CWE-352
8.8
2020-08-24 CVE-2020-19888 Improper Authentication vulnerability in Dbhcms Project Dbhcms 1.2.0
DBHcms v1.2.0 has an unauthorized operation vulnerability because there's no access control at line 175 of dbhcms\page.php for empty cache operation.
network
high complexity
dbhcms-project CWE-287
5.9
2020-08-24 CVE-2020-19887 Cross-site Scripting vulnerability in Dbhcms Project Dbhcms 1.2.0
DBHcms v1.2.0 has a stored XSS vulnerability as there is no htmlspecialchars function for '$_POST['pageparam_insert_description']' variable in dbhcms\mod\mod.page.edit.php line 227, A remote authenticated with admin user can exploit this vulnerability to hijack other users.
network
low complexity
dbhcms-project CWE-79
4.8
2020-08-24 CVE-2020-19886 Cross-Site Request Forgery (CSRF) vulnerability in Dbhcms Project Dbhcms 1.2.0
DBHcms v1.2.0 has no CSRF protection mechanism,as demonstrated by CSRF for an /index.php?dbhcms_pid=-80&deletemenu=9 can delete any menu.
network
low complexity
dbhcms-project CWE-352
8.1
2020-08-24 CVE-2020-19885 Cross-site Scripting vulnerability in Dbhcms Project Dbhcms 1.2.0
DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function for '$_POST['pageparam_insert_name']' variable in dbhcms\mod\mod.page.edit.php line 227, A remote authenticated with admin user can exploit this vulnerability to hijack other users.
network
low complexity
dbhcms-project CWE-79
4.8
2020-08-24 CVE-2020-19884 Cross-site Scripting vulnerability in Dbhcms Project Dbhcms 1.2.0
DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function in dbhcms\mod\mod.domain.edit.php line 119.
network
low complexity
dbhcms-project CWE-79
4.8
2020-08-24 CVE-2020-19883 Cross-site Scripting vulnerability in Dbhcms Project Dbhcms 1.2.0
DBHcms v1.2.0 has a stored xss vulnerability as there is no security filter in dbhcms\mod\mod.users.view.php line 57 for user_login, A remote authenticated with admin user can exploit this vulnerability to hijack other users.
network
low complexity
dbhcms-project CWE-79
4.8
2020-08-24 CVE-2020-19882 Cross-site Scripting vulnerability in Dbhcms Project Dbhcms 1.2.0
DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function for 'menu_description' variable in dbhcms\mod\mod.menus.edit.php line 83 and in dbhcms\mod\mod.menus.view.php line 111, A remote authenticated with admin user can exploit this vulnerability to hijack other users.
network
low complexity
dbhcms-project CWE-79
4.8