DATE CVE VULNERABILITY TITLE RISK
2020-08-24 CVE-2020-19881 Cross-site Scripting vulnerability in Dbhcms Project Dbhcms 1.2.0
DBHcms v1.2.0 has a reflected XSS vulnerability as there is no security filter in dbhcms\mod\mod.selector.php line 108 for the $_GET['return_name'] parameter. A remote attacker authenticated as an admin user can exploit this vulnerability to hijack other users.
3.5
2020-08-24 CVE-2020-19880 Cross-site Scripting vulnerability in Dbhcms Project Dbhcms 1.2.0
DBHcms v1.2.0 has a stored XSS vulnerability as there is no htmlspecialchars function form 'Name' in dbhcms\types.php. A remote unauthenticated attacker can exploit this vulnerability to hijack other users.
4.3
2020-08-24 CVE-2020-19879 Cross-site Scripting vulnerability in Dbhcms Project Dbhcms 1.2.0
DBHcms v1.2.0 has a stored XSS vulnerability as there is no security filter of the $_GET['dbhcms_pid'] variable in dbhcms\page.php line 107,
4.3
2020-08-24 CVE-2020-19878 Information Exposure vulnerability in Dbhcms Project Dbhcms 1.2.0
DBHcms v1.2.0 has a sensitive information leak vulnerability as there is no security access control in /dbhcms/ext/news/ext.news.be.php. A remote unauthenticated attacker can exploit this vulnerability to get path information.
network
low complexity
dbhcms-project CWE-200
5.0
2020-08-24 CVE-2020-19877 Path Traversal vulnerability in Dbhcms Project Dbhcms 1.2.0
DBHcms v1.2.0 has a directory traversal vulnerability as there is no directory control function in directory /dbhcms/.
network
low complexity
dbhcms-project CWE-22
5.0