160 matches found
CVE-2020-19891
DBHcms v1.2.0 has an Arbitrary file write vulnerability in dbhcms\mod\mod.editor.php $POST'updatefile' is filename and $POST'tinymcecontent' is file content, there is no filter function for security. A remote authenticated admin user can exploit this vulnerability to get a webshell...
CVE-2020-19889
DBHcms v1.2.0 has no CSRF protection mechanism,as demonstrated by CSRF for index.php?dbhcmspid=-70 can add a user...
CVE-2020-19884
DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function in dbhcms\mod\mod.domain.edit.php line 119...
CVE-2020-19888
DBHcms v1.2.0 has an unauthorized operation vulnerability because there's no access control at line 175 of dbhcms\page.php for empty cache operation. This vulnerability can be exploited to empty a table...
CVE-2020-19883
DBHcms v1.2.0 has a stored xss vulnerability as there is no security filter in dbhcms\mod\mod.users.view.php line 57 for userlogin, A remote authenticated with admin user can exploit this vulnerability to hijack other users...
CVE-2020-19880
DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function form 'Name' in dbhcms\types.php, A remote unauthenticated attacker can exploit this vulnerability to hijack other users...
CVE-2020-19886
DBHcms v1.2.0 has no CSRF protection mechanism,as demonstrated by CSRF for an /index.php?dbhcmspid=-80=9 can delete any menu...
CVE-2020-19890
DBHcms v1.2.0 has an Arbitrary file read vulnerability in dbhcms\mod\mod.editor.php $GET'file' is filename,and as there is no filter function for security, you can read any file's content...
CVE-2020-19887
DBHcms v1.2.0 has a stored XSS vulnerability as there is no htmlspecialchars function for '$POST'pageparaminsertdescription'' variable in dbhcms\mod\mod.page.edit.php line 227, A remote authenticated with admin user can exploit this vulnerability to hijack other users...
CVE-2020-19881
DBHcms v1.2.0 has a reflected xss vulnerability as there is no security filter in dbhcms\mod\mod.selector.php line 108 for $GET'returnname' parameter, A remote authenticated with admin user can exploit this vulnerability to hijack other users...
CVE-2020-19878
DBHcms v1.2.0 has a sensitive information leaks vulnerability as there is no security access control in /dbhcms/ext/news/ext.news.be.php, A remote unauthenticated attacker can exploit this vulnerability to get path information...
Dbhcms Has Arbitrary File Read Vulnerability
Dbhcms is a small PHP open source content management system for personal and small business websites. Dbhcms has an arbitrary file read vulnerability that can be exploited by attackers to obtain sensitive information...
Dbhcms has a file upload vulnerability
Dbhcms is a small PHP open source content management system for personal and small business websites. Dbhcms has a file upload vulnerability that can be exploited by attackers to gain control of the server...
DBHcms Cross-Site Scripting Vulnerability (CNVD-2020-52191)
DBHcms is a small PHP open source content management system. It is suitable for personal and small business websites. DBHcms version 1.2.0 cross-site scripting vulnerability , the vulnerability stems from the lack of WEB applications on the client side of the correct validation of data , an...
DBHcms Cross-Site Request Forgery Vulnerability
DBHcms is a small, free and open source content management system for personal and small business websites. DBHcms 1.2.0 suffers from a cross-site request forgery vulnerability. An attacker can exploit this vulnerability to add users via index.php?dbhcmspid=-70...
DBHcms Cross-Site Scripting Vulnerability (CNVD-2020-49085)
DBHcms is a small, free and open source content management system for personal and small business websites. A stored cross-site scripting vulnerability exists in DBHcms 1.2.0. The vulnerability stems from the non-existence of the htmlspecialchars function form 'Name' in dbhcmstypes.php. An attack...
DBHcms Cross-Site Scripting Vulnerability
DBHcms is a small, free and open source content management system for personal and small business websites. A stored cross-site scripting vulnerability exists in DBHcms 1.2.0. The vulnerability stems from the failure of the htmlspecialchars function in dbhcmsmodmod.domain.edit.php on line 119. An...
DBHcms Arbitrary File Write Vulnerability
DBHcms is a small, free and open source content management system for personal and small business websites. An arbitrary file write vulnerability exists in dbhcmsmodmod.editor.php $POST'updatefile' in DBHcms 1.2.0. An administrator user can exploit this vulnerability to obtain a webshell...
DBHcms Access Control Error Vulnerability
DBHcms is a small, free and open source content management system for personal and small business websites. An access control error vulnerability exists in DBHcms 1.2.0. The vulnerability stems from an access control failure to clear cache operation at line 175 of dbhcmspage.php. An attacker can...
DBHcms Cross-Site Scripting Vulnerability (CNVD-2020-49088)
DBHcms is a small, free and open source content management system for personal and small business websites. A stored cross-site scripting vulnerability exists in DBHcms 1.2.0. The vulnerability stems from the failure of a security filter for userlogin to exist in dbhcmsmodmod.users.view.php on li...