17 matches found
EUVD-2020-11781
Malware in sbrugna...
EUVD-2020-11777
Malware in sbrugna...
EUVD-2020-11774
Malware in sbrugna...
EUVD-2020-11787
Malware in sbrugna...
CVE-2020-19885
DBHcms v1.2.0 has a stored XSS vulnerability as there is no htmlspecialchars function for the '$_POST['pageparaminsertname']' variable in dbhcms\mod\mod.page.edit.php line 227. A remote authenticated admin user can exploit this vulnerability to hijack other users...
CVE-2020-19891
DBHcms v1.2.0 has an arbitrary file write vulnerability in dbhcms\mod\mod.editor.php: $_POST['updatefile'] is the filename and $_POST['tinymcecontent'] is the file content, and there is no filter function for security. A remote authenticated admin user can exploit this vulnerability to get a webshell...
CVE-2020-19889
DBHcms v1.2.0 has no CSRF protection mechanism, as demonstrated by CSRF for index.php?dbhcmspid=-70 can add a user...
CVE-2020-19888
DBHcms v1.2.0 has an unauthorized operation vulnerability because there's no access control at line 175 of dbhcms\page.php for empty cache operation. This vulnerability can be exploited to empty a table...
CVE-2020-19883
DBHcms v1.2.0 has a stored XSS vulnerability as there is no security filter in dbhcms\mod\mod.users.view.php line 57 for userlogin. A remote authenticated admin user can exploit this vulnerability to hijack other users...
CVE-2020-19880
DBHcms v1.2.0 has a stored XSS vulnerability as there is no htmlspecialchars function form 'Name' in dbhcms\types.php. A remote unauthenticated attacker can exploit this vulnerability to hijack other users...
CVE-2020-19887
DBHcms v1.2.0 has a stored XSS vulnerability as there is no htmlspecialchars function for the '$_POST['pageparaminsertdescription']' variable in dbhcms\mod\mod.page.edit.php line 227. A remote authenticated admin user can exploit this vulnerability to hijack other users...
Dbhcms Has Arbitrary File Read Vulnerability
Dbhcms is a small PHP open source content management system for personal and small business websites. Dbhcms has an arbitrary file read vulnerability that can be exploited by attackers to obtain sensitive information...
DBHcms Cross-Site Scripting Vulnerability (CNVD-2020-49087)
DBHcms is a small, free and open source content management system for personal and small business websites. A stored cross-site scripting vulnerability exists in DBHcms 1.2.0. The vulnerability stems from the failure of the htmlspecialchars function for the 'menudescription' variable in...
Information disclosure
DBHcms v1.2.0 has a sensitive information leak vulnerability as there is no security access control in /dbhcms/ext/news/ext.news.be.php. A remote unauthenticated attacker can exploit this vulnerability to get path information...
DBHcms 1.1.4 - Persistent Cross-Site Scripting
Title: DBHcms 1.1.4 Stored XSS Vendor: http://www.drbenhur.com Dork: "powered by DBHcms" AUTHOR: ITSecTeam Email: [email protected] Website: http://www.itsecteam.com Forum : http://forum.ITSecTeam.com Original Advisory: www.ITSecTeam.com/en/vulnerabilities/vulnerability50.htm Thanks: r3dm0v3...