dbhcms_project 漏洞与 CVE 列表(15)

产品(CPE): — CVE 数: 15

dbhcms_project 漏洞概览

汇总 dbhcms_project 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。

已披露问题常与 跨站脚本、CSRF与路径处理缺陷 相关,可能在 软件部署与生产负载 场景中带来 文件覆盖与内存损坏 等暴露风险。

相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。

漏洞分布趋势(近 24 个月)

显示 11515 CVE 数
«« 第一页 « 上一页 第 1 / 1 页 下一页 »
CVE 摘要 来源 最高 CVSS EPSS % 公开时间 更新时间
CVE-2020-19891 DBHcms v1.2.0 has an Arbitrary file write vulnerability in dbhcms\mod\mod.editor.php $_POST['updatefile'] is filename and $_POST['tinymce_content'] is file content, there is no filter function for security. A remote authenticated admin user can exploit this vulnerability to get a webshell. [email protected] 7.2 1.41% 2020-08-24 2026-06-16
CVE-2020-19890 DBHcms v1.2.0 has an Arbitrary file read vulnerability in dbhcms\mod\mod.editor.php $_GET['file'] is filename,and as there is no filter function for security, you can read any file's content. [email protected] 4.9 0.92% 2020-08-24 2026-06-16
CVE-2020-19889 DBHcms v1.2.0 has no CSRF protection mechanism,as demonstrated by CSRF for index.php?dbhcms_pid=-70 can add a user. [email protected] 8.8 0.51% 2020-08-24 2026-06-16
CVE-2020-19888 DBHcms v1.2.0 has an unauthorized operation vulnerability because there's no access control at line 175 of dbhcms\page.php for empty cache operation. This vulnerability can be exploited to empty a table. [email protected] 5.9 0.74% 2020-08-24 2026-06-16
CVE-2020-19887 DBHcms v1.2.0 has a stored XSS vulnerability as there is no htmlspecialchars function for '$_POST['pageparam_insert_description']' variable in dbhcms\mod\mod.page.edit.php line 227, A remote authenticated with admin user can exploit this vulnerability to hijack other users. [email protected] 4.8 0.85% 2020-08-24 2026-06-16
CVE-2020-19886 DBHcms v1.2.0 has no CSRF protection mechanism,as demonstrated by CSRF for an /index.php?dbhcms_pid=-80&deletemenu=9 can delete any menu. [email protected] 8.1 0.44% 2020-08-24 2026-06-16
CVE-2020-19885 DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function for '$_POST['pageparam_insert_name']' variable in dbhcms\mod\mod.page.edit.php line 227, A remote authenticated with admin user can exploit this vulnerability to hijack other users. [email protected] 4.8 0.86% 2020-08-24 2026-06-16
CVE-2020-19884 DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function in dbhcms\mod\mod.domain.edit.php line 119. [email protected] 4.8 0.56% 2020-08-24 2026-06-16
CVE-2020-19883 DBHcms v1.2.0 has a stored xss vulnerability as there is no security filter in dbhcms\mod\mod.users.view.php line 57 for user_login, A remote authenticated with admin user can exploit this vulnerability to hijack other users. [email protected] 4.8 0.66% 2020-08-24 2026-06-16
CVE-2020-19882 DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function for 'menu_description' variable in dbhcms\mod\mod.menus.edit.php line 83 and in dbhcms\mod\mod.menus.view.php line 111, A remote authenticated with admin user can exploit this vulnerability to hijack other users. [email protected] 4.8 0.66% 2020-08-24 2026-06-16
CVE-2020-19881 DBHcms v1.2.0 has a reflected xss vulnerability as there is no security filter in dbhcms\mod\mod.selector.php line 108 for $_GET['return_name'] parameter, A remote authenticated with admin user can exploit this vulnerability to hijack other users. [email protected] 4.8 0.85% 2020-08-24 2026-06-16
CVE-2020-19880 DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function form 'Name' in dbhcms\types.php, A remote unauthenticated attacker can exploit this vulnerability to hijack other users. [email protected] 6.1 0.89% 2020-08-24 2026-06-16
CVE-2020-19879 DBHcms v1.2.0 has a stored xss vulnerability as there is no security filter of $_GET['dbhcms_pid'] variable in dbhcms\page.php line 107, [email protected] 6.1 0.70% 2020-08-24 2026-06-16
CVE-2020-19878 DBHcms v1.2.0 has a sensitive information leaks vulnerability as there is no security access control in /dbhcms/ext/news/ext.news.be.php, A remote unauthenticated attacker can exploit this vulnerability to get path information. [email protected] 7.5 1.52% 2020-08-24 2026-06-16
CVE-2020-19877 DBHcms v1.2.0 has a directory traversal vulnerability as there is no directory control function in directory /dbhcms/. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information. [email protected] 5.3 1.71% 2020-08-24 2026-06-16
«« 第一页 « 上一页 第 1 / 1 页 下一页 »
cvelogic Threat Intelligence