Filtered by vendor Dbhcms Project
Subscribe
Search
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-19878 | 1 Dbhcms Project | 1 Dbhcms | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| DBHcms v1.2.0 has a sensitive information leaks vulnerability as there is no security access control in /dbhcms/ext/news/ext.news.be.php, A remote unauthenticated attacker can exploit this vulnerability to get path information. | |||||
| CVE-2020-19889 | 1 Dbhcms Project | 1 Dbhcms | 2020-08-26 | 6.8 MEDIUM | 8.8 HIGH |
| DBHcms v1.2.0 has no CSRF protection mechanism,as demonstrated by CSRF for index.php?dbhcms_pid=-70 can add a user. | |||||
| CVE-2020-19886 | 1 Dbhcms Project | 1 Dbhcms | 2020-08-25 | 4.3 MEDIUM | 8.1 HIGH |
| DBHcms v1.2.0 has no CSRF protection mechanism,as demonstrated by CSRF for an /index.php?dbhcms_pid=-80&deletemenu=9 can delete any menu. | |||||
| CVE-2020-19891 | 1 Dbhcms Project | 1 Dbhcms | 2020-08-25 | 6.5 MEDIUM | 7.2 HIGH |
| DBHcms v1.2.0 has an Arbitrary file write vulnerability in dbhcms\mod\mod.editor.php $_POST['updatefile'] is filename and $_POST['tinymce_content'] is file content, there is no filter function for security. A remote authenticated admin user can exploit this vulnerability to get a webshell. | |||||