Dbhcms Project / Dbhcms

15 matches found

CVE
added 2020/08/24 1:44 p.m. | 54 views

CVE-2020-19877

DBHcms v1.2.0 is affected by a directory traversal vulnerability due to lack of directory access control in the /dbhcms/ directory. A remote unauthenticated attacker can obtain server‑sensitive information through this flaw. Root cause: absence of directory traversal protection in the application...

CVSS 5.3 | AI score 5.3 | EPSS 0.0171
CVE
added 2020/08/24 2:22 p.m. | 50 views

CVE-2020-19882

CVE-2020-19882 affects DBHcms v1.2.0. A stored XSS vulnerability exists due to missing htmlspecialchars handling for the ‘menu_description’ variable in the code paths dbhcms/mod/mod.menus.edit.php (line 83) and dbhcms/mod/mod.menus.view.php (line 111). The issue could allow a remote attacker auth...

CVSS 4.8 | AI score 4.9 | EPSS 0.00659
CVE
added 2020/08/24 2:8 p.m. | 45 views

CVE-2020-19879

DBHcms v1.2.0 is vulnerable to a stored cross-site scripting (XSS) due to lack of input filtering on $_GET['dbhcms_pid'] in dbhcms\page.php (line 107). CVE-2020-19879 has CVSS v2 base 4.3 (NETWORK, MEDIUM) and CVSS v3.1 base 6.1 (NETWORK, MEDIUM) with user interaction required. Exploitation detai...

CVSS 6.1 | AI score 6.2 | EPSS 0.007
CVE
added 2020/08/24 2:35 p.m. | 44 views

CVE-2020-19887

DBHcms v1.2.0 is affected by a stored XSS vulnerability due to missing htmlspecialchars handling of $_POST['pageparam_insert_description'] in dbhcms/mod/mod.page.edit.php (line 227). An admin-authenticated remote attacker can trigger it and hijack other users. The connected sources confirm the vulne...

CVSS 4.8 | AI score 4.6 | EPSS 0.00851
CVE
added 2020/08/24 2:14 p.m. | 43 views

CVE-2020-19881

DBHcms v1.2.0 contains a reflected XSS vulnerability due to lack of input filtering on the $_GET['return_name'] parameter in dbhcms/mod/mod.selector.php (line 108). A remote attacker authenticated as an admin can exploit this to hijack other users. Affected component: DBHcms 1.2.0; Root cause: mi...

CVSS 4.8 | AI score 4.9 | EPSS 0.00851
CVE
added 2020/08/24 2:38 p.m. | 43 views

CVE-2020-19888

DBHcms v1.2.0 is affected by CVE-2020-19888 due to an access control flaw in dbhcms\page.php at line 175, enabling unauthorized cache operations that can empty a table. Multiple connected sources (Red Hat advisory, CNVD entry, NVD description) corroborate this vulnerability and the implicated fil...

CVSS 5.9 | AI score 5.7 | EPSS 0.00742
CVE
added 2020/08/24 2:5 p.m. | 42 views

CVE-2020-19878

CVE-2020-19878 affects DBHcms v1.2.0. The vulnerability is an information disclosure caused by missing security access control in the path /dbhcms/ext/news/ext.news.be.php, allowing a remote unauthenticated attacker to obtain path information. Connected sources corroborate the description across NVD...

CVSS 7.5 | AI score 7.4 | EPSS 0.01519
CVE
added 2020/08/24 2:45 p.m. | 42 views

CVE-2020-19891

CVE-2020-19891 affects DBHcms v1.2.0. A vulnerability in file dbhcms/mod/mod.editor.php allows arbitrary file write via POSTed updatefile (filename) and tinymce_content (file content) because there is no security filtering. A remote authenticated admin user can exploit this to obtain a webshell. ...

CVSS 7.2 | AI score 6.7 | EPSS 0.0141
CVE
added 2020/08/24 2:43 p.m. | 41 views

CVE-2020-19890

CVE-2020-19890 affects DBHcms v1.2.0. An arbitrary file read flaw exists in the file path handling for the editor module (dbhcms/mod/mod.editor.php) where $_GET['file'] is not filtered, allowing reading of arbitrary files. This is a server-side vulnerability impacting confidentiality; the provide...

CVSS 4.9 | AI score 5.2 | EPSS 0.0092
CVE
added 2020/08/24 2:11 p.m. | 37 views

CVE-2020-19880

DBHcms v1.2.0 is affected by a stored XSS vulnerability due to the absence of htmlspecialchars protection for the Name field in dbhcms/types.php. This allows a remote unauthenticated attacker to hijack other users by injecting malicious input that is persisted and later rendered in other users’ s...

CVSS 6.1 | AI score 6.2 | EPSS 0.0089
CVE
added 2020/08/24 2:25 p.m. | 37 views

CVE-2020-19883

CVE-2020-19883 affects DBHcms v1.2.0 with a stored cross-site scripting vulnerability due to a missing security filter in dbhcms/mod/mod.users.view.php line 57 (user_login). The vulnerability allows an authenticated admin to hijack other users, as described in multiple connected sources. Exploita...

CVSS 4.8 | AI score 4.9 | EPSS 0.00659
CVE
added 2020/08/24 2:28 p.m. | 37 views

CVE-2020-19884

CVE-2020-19884 affects DBHcms v1.2.0. The vulnerability is a stored XSS caused by missing htmlspecialchars() in dbhcms\mod\mod.domain.edit.php line 119. Impact described as stored XSS with potential to inject script when handling untrusted input; exploitation details are not provided in the suppl...

CVSS 4.8 | AI score 5.1 | EPSS 0.00564
CVE
added 2020/08/24 2:30 p.m. | 37 views

CVE-2020-19885

DBHcms v1.2.0 is affected by a stored XSS vulnerability in dbhcms/mod/mod.page.edit.php line 227 due to missing htmlspecialchars handling for $_POST['pageparam_insert_name']. Exploitation requires an authenticated admin user, which could allow hijacking other users. The available connected docume...

CVSS 4.8 | AI score 4.8 | EPSS 0.00859
CVE
added 2020/08/24 2:33 p.m. | 37 views

CVE-2020-19886

CVE-2020-19886: DBHcms v1.2.0 is vulnerable to Cross-Site Request Forgery due to missing CSRF protection. The vulnerability is demonstrated by a CSRF request to /index.php?dbhcms_pid=-80&deletemenu=9 that can delete a menu item. Multiple connected sources confirm the issue; no remediation or pat...

CVSS 8.1 | AI score 8.1 | EPSS 0.00439
CVE
added 2020/08/24 2:40 p.m. | 37 views

CVE-2020-19889

CVE-2020-19889 affects DBHcms v1.2.0: a Cross-Site Request Forgery (CSRF) vulnerability due to missing CSRF protection, demonstrated by index.php?dbhcms_pid=-70 allowing an attacker to add a user. NVD reports CVSS v3.1 base score 8.8 (Network, Low complexity, User interaction required) and CVSS v...

CVSS 8.8 | AI score 8.6 | EPSS 0.00513