Dbhcms Project

Dbhcms

15 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2020-19891

Exploit
  • EPSS 0.8%
  • Veröffentlicht 24.08.2020 15:15:14
  • Zuletzt bearbeitet 21.11.2024 05:09:28

DBHcms v1.2.0 has an Arbitrary file write vulnerability in dbhcms\mod\mod.editor.php $_POST['updatefile'] is filename and $_POST['tinymce_content'] is file content, there is no filter function for security. A remote authenticated admin user can explo...

7.5

CVE-2020-19878

Exploit
  • EPSS 0.52%
  • Veröffentlicht 24.08.2020 15:15:13
  • Zuletzt bearbeitet 21.11.2024 05:09:26

DBHcms v1.2.0 has a sensitive information leaks vulnerability as there is no security access control in /dbhcms/ext/news/ext.news.be.php, A remote unauthenticated attacker can exploit this vulnerability to get path information.

6.1

CVE-2020-19879

Exploit
  • EPSS 0.24%
  • Veröffentlicht 24.08.2020 15:15:13
  • Zuletzt bearbeitet 21.11.2024 05:09:26

DBHcms v1.2.0 has a stored xss vulnerability as there is no security filter of $_GET['dbhcms_pid'] variable in dbhcms\page.php line 107,

6.1

CVE-2020-19880

Exploit
  • EPSS 0.64%
  • Veröffentlicht 24.08.2020 15:15:13
  • Zuletzt bearbeitet 21.11.2024 05:09:26

DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function form 'Name' in dbhcms\types.php, A remote unauthenticated attacker can exploit this vulnerability to hijack other users.

4.8

CVE-2020-19881

Exploit
  • EPSS 0.25%
  • Veröffentlicht 24.08.2020 15:15:13
  • Zuletzt bearbeitet 21.11.2024 05:09:26

DBHcms v1.2.0 has a reflected xss vulnerability as there is no security filter in dbhcms\mod\mod.selector.php line 108 for $_GET['return_name'] parameter, A remote authenticated with admin user can exploit this vulnerability to hijack other users.

4.8

CVE-2020-19882

Exploit
  • EPSS 0.25%
  • Veröffentlicht 24.08.2020 15:15:13
  • Zuletzt bearbeitet 21.11.2024 05:09:27

DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function for 'menu_description' variable in dbhcms\mod\mod.menus.edit.php line 83 and in dbhcms\mod\mod.menus.view.php line 111, A remote authenticated with admin user can e...

4.8

CVE-2020-19883

Exploit
  • EPSS 0.25%
  • Veröffentlicht 24.08.2020 15:15:13
  • Zuletzt bearbeitet 21.11.2024 05:09:27

DBHcms v1.2.0 has a stored xss vulnerability as there is no security filter in dbhcms\mod\mod.users.view.php line 57 for user_login, A remote authenticated with admin user can exploit this vulnerability to hijack other users.

4.8

CVE-2020-19884

Exploit
  • EPSS 0.32%
  • Veröffentlicht 24.08.2020 15:15:13
  • Zuletzt bearbeitet 21.11.2024 05:09:27

DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function in dbhcms\mod\mod.domain.edit.php line 119.

4.8

CVE-2020-19885

Exploit
  • EPSS 0.22%
  • Veröffentlicht 24.08.2020 15:15:13
  • Zuletzt bearbeitet 21.11.2024 05:09:27

DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function for '$_POST['pageparam_insert_name']' variable in dbhcms\mod\mod.page.edit.php line 227, A remote authenticated with admin user can exploit this vulnerability to hi...

8.1

CVE-2020-19886

Exploit
  • EPSS 0.11%
  • Veröffentlicht 24.08.2020 15:15:13
  • Zuletzt bearbeitet 21.11.2024 05:09:27

DBHcms v1.2.0 has no CSRF protection mechanism,as demonstrated by CSRF for an /index.php?dbhcms_pid=-80&deletemenu=9 can delete any menu.