fragrant10

CVE-2020-19879 WRITEUP MEDIUM WRITEUP

DBHcms 1.2.0 - Stored Cross-Site Scripting via dbhcms_pid Parameter

DBHcms v1.2.0 has a stored xss vulnerability as there is no security filter of $_GET['dbhcms_pid'] variable in dbhcms\page.php line 107,

CVSS 6.1

View Code

CVE-2020-19880 WRITEUP MEDIUM WRITEUP

DBHcms 1.2.0 - Stored Cross-Site Scripting in Name Field

DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function form 'Name' in dbhcms\types.php, A remote unauthenticated attacker can exploit this vulnerability to hijack other users.

CVSS 6.1

View Code

CVE-2020-19881 WRITEUP MEDIUM WRITEUP

DBHcms 1.2.0 - Authenticated Reflected Cross-Site Scripting via return_name Parameter

DBHcms v1.2.0 has a reflected xss vulnerability as there is no security filter in dbhcms\mod\mod.selector.php line 108 for $_GET['return_name'] parameter, A remote authenticated with admin user can exploit this vulnerability to hijack other users.

CVSS 4.8

View Code

CVE-2020-19882 WRITEUP MEDIUM WRITEUP

DBHcms 1.2.0 - Authenticated Stored Cross-Site Scripting in Menu Description

DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function for 'menu_description' variable in dbhcms\mod\mod.menus.edit.php line 83 and in dbhcms\mod\mod.menus.view.php line 111, A remote authenticated with admin user can exploit this vulnerability to hijack other users.

CVSS 4.8

View Code

CVE-2020-19885 WRITEUP MEDIUM WRITEUP

DBHcms 1.2.0 - Authenticated Stored Cross-Site Scripting via pageparam_insert_name Parameter

DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function for '$_POST['pageparam_insert_name']' variable in dbhcms\mod\mod.page.edit.php line 227, A remote authenticated with admin user can exploit this vulnerability to hijack other users.

CVSS 4.8

View Code

CVE-2020-19888 WRITEUP MEDIUM WRITEUP

DBHcms 1.2.0 - Unauthenticated Unauthorized Cache Clearing via page.php

DBHcms v1.2.0 has an unauthorized operation vulnerability because there's no access control at line 175 of dbhcms\page.php for empty cache operation. This vulnerability can be exploited to empty a table.

CVSS 5.9

View Code

CVE-2020-19889 WRITEUP HIGH WRITEUP

DBHcms 1.2.0 - Cross-Site Request Forgery via User Addition

DBHcms v1.2.0 has no CSRF protection mechanism,as demonstrated by CSRF for index.php?dbhcms_pid=-70 can add a user.

CVSS 8.8

View Code

CVE-2020-19890 WRITEUP MEDIUM WRITEUP

DBHcms 1.2.0 - Arbitrary File Read via mod.editor.php File Parameter

DBHcms v1.2.0 has an Arbitrary file read vulnerability in dbhcms\mod\mod.editor.php $_GET['file'] is filename,and as there is no filter function for security, you can read any file's content.

CVSS 4.9

View Code