4 matches found
CVE-2022-28527
CVE-2022-28527 affects the DhCms release v20170919, where an arbitrary folder deletion vulnerability exists via the admin endpoint /admin.php?r=admin/AdminBackup/del. The connected records confirm the vulnerable component and the attack vector, but do not specify concrete patch versions or remedi...
CVE-2020-19275
The CVE-2020-19275 entry concerns Dhcms 2017-09-18. Affected software: Dhcms (Dinghua Cloud CMS) using PHP/MySQL. Vulnerability: Information Disclosure via improper handling when users enter invalid characters after the normal interface, triggering an error that leaks the server’s physical path. ...
CVE-2020-19274
CVE-2020-19274 concerns a Cross-Site Scripting (XSS) vulnerability in Dhcms 2017-09-18, affecting the guestbook via the message board. The available connected documents identify Dhcms as the affected software and describe the vulnerability as allowing a remote attacker to execute arbitrary code t...
CVE-2019-9550
CVE-2019-9550 affects DhCms through 2017-09-18, with an XSS in admin.php?r=admin/Index/index. The root cause is a stored/reflected XSS in the admin backend, enabling an attacker to potentially obtain cookie information (per CNVD-2019-08720). Multiple sources (NVD, Red Hat, CNVD) report the...