Vulnerabilities > Dbhcms Project

DATE	CVE	VULNERABILITY TITLE	RISK
2020-08-24	CVE-2020-19891	Out-of-bounds Write vulnerability in Dbhcms Project Dbhcms 1.2.0 DBHcms v1.2.0 has an Arbitrary file write vulnerability in dbhcms\mod\mod.editor.php $_POST['updatefile'] is filename and $_POST['tinymce_content'] is file content, there is no filter function for security. network low complexity dbhcms-project CWE-787	6.5
2020-08-24	CVE-2020-19890	Information Exposure vulnerability in Dbhcms Project Dbhcms 1.2.0 DBHcms v1.2.0 has an Arbitrary file read vulnerability in dbhcms\mod\mod.editor.php $_GET['file'] is filename,and as there is no filter function for security, you can read any file's content. network low complexity dbhcms-project CWE-200	4.0
2020-08-24	CVE-2020-19889	Cross-Site Request Forgery (CSRF) vulnerability in Dbhcms Project Dbhcms 1.2.0 DBHcms v1.2.0 has no CSRF protection mechanism,as demonstrated by CSRF for index.php?dbhcms_pid=-70 can add a user. network dbhcms-project CWE-352	6.8
2020-08-24	CVE-2020-19888	Incorrect Authorization vulnerability in Dbhcms Project Dbhcms 1.2.0 DBHcms v1.2.0 has an unauthorized operation vulnerability because there's no access control at line 175 of dbhcms\page.php for empty cache operation. network dbhcms-project CWE-863	4.3
2020-08-24	CVE-2020-19887	Cross-site Scripting vulnerability in Dbhcms Project Dbhcms 1.2.0 DBHcms v1.2.0 has a stored XSS vulnerability as there is no htmlspecialchars function for '$_POST['pageparam_insert_description']' variable in dbhcms\mod\mod.page.edit.php line 227, A remote authenticated with admin user can exploit this vulnerability to hijack other users. network dbhcms-project CWE-79	3.5
2020-08-24	CVE-2020-19886	Cross-Site Request Forgery (CSRF) vulnerability in Dbhcms Project Dbhcms 1.2.0 DBHcms v1.2.0 has no CSRF protection mechanism,as demonstrated by CSRF for an /index.php?dbhcms_pid=-80&deletemenu=9 can delete any menu. network dbhcms-project CWE-352	4.3
2020-08-24	CVE-2020-19885	Cross-site Scripting vulnerability in Dbhcms Project Dbhcms 1.2.0 DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function for '$_POST['pageparam_insert_name']' variable in dbhcms\mod\mod.page.edit.php line 227, A remote authenticated with admin user can exploit this vulnerability to hijack other users. network dbhcms-project CWE-79	3.5
2020-08-24	CVE-2020-19884	Cross-site Scripting vulnerability in Dbhcms Project Dbhcms 1.2.0 DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function in dbhcms\mod\mod.domain.edit.php line 119. network dbhcms-project CWE-79	3.5
2020-08-24	CVE-2020-19883	Cross-site Scripting vulnerability in Dbhcms Project Dbhcms 1.2.0 DBHcms v1.2.0 has a stored xss vulnerability as there is no security filter in dbhcms\mod\mod.users.view.php line 57 for user_login, A remote authenticated with admin user can exploit this vulnerability to hijack other users. network dbhcms-project CWE-79	3.5
2020-08-24	CVE-2020-19882	Cross-site Scripting vulnerability in Dbhcms Project Dbhcms 1.2.0 DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function for 'menu_description' variable in dbhcms\mod\mod.menus.edit.php line 83 and in dbhcms\mod\mod.menus.view.php line 111, A remote authenticated with admin user can exploit this vulnerability to hijack other users. network dbhcms-project CWE-79	3.5

Vulnerabilities > Dbhcms Project {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Dbhcms Project"}]}

Vulnerabilities > Dbhcms Project