Vulnerabilities > Dbhcms Project
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-08-24 | CVE-2020-19881 | Cross-site Scripting vulnerability in Dbhcms Project Dbhcms 1.2.0 DBHcms v1.2.0 has a reflected xss vulnerability as there is no security filter in dbhcms\mod\mod.selector.php line 108 for $_GET['return_name'] parameter, A remote authenticated with admin user can exploit this vulnerability to hijack other users. | 3.5 |
2020-08-24 | CVE-2020-19880 | Cross-site Scripting vulnerability in Dbhcms Project Dbhcms 1.2.0 DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function form 'Name' in dbhcms\types.php, A remote unauthenticated attacker can exploit this vulnerability to hijack other users. | 4.3 |
2020-08-24 | CVE-2020-19879 | Cross-site Scripting vulnerability in Dbhcms Project Dbhcms 1.2.0 DBHcms v1.2.0 has a stored xss vulnerability as there is no security filter of $_GET['dbhcms_pid'] variable in dbhcms\page.php line 107, | 4.3 |
2020-08-24 | CVE-2020-19878 | Information Exposure vulnerability in Dbhcms Project Dbhcms 1.2.0 DBHcms v1.2.0 has a sensitive information leaks vulnerability as there is no security access control in /dbhcms/ext/news/ext.news.be.php, A remote unauthenticated attacker can exploit this vulnerability to get path information. | 5.0 |
2020-08-24 | CVE-2020-19877 | Path Traversal vulnerability in Dbhcms Project Dbhcms 1.2.0 DBHcms v1.2.0 has a directory traversal vulnerability as there is no directory control function in directory /dbhcms/. | 5.0 |