DBHcms v1.2.0 has an Arbitrary file write vulnerability in dbhcms\mod\mod.editor.php $_POST[โupdatefileโ] is filename and $_POST[โtinymce_contentโ] is file content, there is no filter function for security. A remote authenticated admin user can exploit this vulnerability to get a webshell.