Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dbhcms project dbhcms 1.2.0 vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2020-19881
DBHcms v1.2.0 has a reflected xss vulnerability as there is no security filter in dbhcms\mod\mod.selector.php line 108 for $_GET['return_name'] parameter, A remote authenticated with admin user can exploit this vulnerability to hijack other users.
Dbhcms Project Dbhcms 1.2.0
4.8
CVSSv3
CVE-2020-19885
DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function for '$_POST['pageparam_insert_name']' variable in dbhcms\mod\mod.page.edit.php line 227, A remote authenticated with admin user can exploit this vulnerability to hijack other...
Dbhcms Project Dbhcms 1.2.0
8.8
CVSSv3
CVE-2020-19889
DBHcms v1.2.0 has no CSRF protection mechanism,as demonstrated by CSRF for index.php?dbhcms_pid=-70 can add a user.
Dbhcms Project Dbhcms 1.2.0
4.9
CVSSv3
CVE-2020-19890
DBHcms v1.2.0 has an Arbitrary file read vulnerability in dbhcms\mod\mod.editor.php $_GET['file'] is filename,and as there is no filter function for security, you can read any file's content.
Dbhcms Project Dbhcms 1.2.0
4.8
CVSSv3
CVE-2020-19887
DBHcms v1.2.0 has a stored XSS vulnerability as there is no htmlspecialchars function for '$_POST['pageparam_insert_description']' variable in dbhcms\mod\mod.page.edit.php line 227, A remote authenticated with admin user can exploit this vulnerability to hijac...
Dbhcms Project Dbhcms 1.2.0
5.9
CVSSv3
CVE-2020-19888
DBHcms v1.2.0 has an unauthorized operation vulnerability because there's no access control at line 175 of dbhcms\page.php for empty cache operation. This vulnerability can be exploited to empty a table.
Dbhcms Project Dbhcms 1.2.0
7.2
CVSSv3
CVE-2020-19891
DBHcms v1.2.0 has an Arbitrary file write vulnerability in dbhcms\mod\mod.editor.php $_POST['updatefile'] is filename and $_POST['tinymce_content'] is file content, there is no filter function for security. A remote authenticated admin user can exploit this vu...
Dbhcms Project Dbhcms 1.2.0
8.1
CVSSv3
CVE-2020-19886
DBHcms v1.2.0 has no CSRF protection mechanism,as demonstrated by CSRF for an /index.php?dbhcms_pid=-80&deletemenu=9 can delete any menu.
Dbhcms Project Dbhcms 1.2.0
5.3
CVSSv3
CVE-2020-19877
DBHcms v1.2.0 has a directory traversal vulnerability as there is no directory control function in directory /dbhcms/. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information.
Dbhcms Project Dbhcms 1.2.0
7.5
CVSSv3
CVE-2020-19878
DBHcms v1.2.0 has a sensitive information leaks vulnerability as there is no security access control in /dbhcms/ext/news/ext.news.be.php, A remote unauthenticated attacker can exploit this vulnerability to get path information.
Dbhcms Project Dbhcms 1.2.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »