Monthly Archive: August 2020

DBHcms v1.2.0 has no CSRF protection mechanism,as demonstrated by CSRF for an /index.php?dbhcms_pid=-80&deletemenu=9 can delete any menu. Date published : 2020-08-24 https://github.com/fragrant10/cve/tree/master/dbhcms1.2.0#12

DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function for ‘$_POST[‘pageparam_insert_name’]’ variable in dbhcmsmodmod.page.edit.php line 227, A remote authenticated with admin user can exploit this vulnerability to hijack other users....

DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function in dbhcmsmodmod.domain.edit.php line 119. Date published : 2020-08-24 https://github.com/fragrant10/cve/tree/master/dbhcms1.2.0#8

DBHcms v1.2.0 has a stored xss vulnerability as there is no security filter in dbhcmsmodmod.users.view.php line 57 for user_login, A remote authenticated with admin user can exploit this vulnerability to hijack other users. Date...

DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function for ‘menu_description’ variable in dbhcmsmodmod.menus.edit.php line 83 and in dbhcmsmodmod.menus.view.php line 111, A remote authenticated with admin user can exploit this...

DBHcms v1.2.0 has a reflected xss vulnerability as there is no security filter in dbhcmsmodmod.selector.php line 108 for $_GET[‘return_name’] parameter, A remote authenticated with admin user can exploit this vulnerability to hijack other users....

DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function form ‘Name’ in dbhcmstypes.php, A remote unauthenticated attacker can exploit this vulnerability to hijack other users. Date published : 2020-08-24 https://github.com/fragrant10/cve/tree/master/dbhcms1.2.0#4

DBHcms v1.2.0 has a stored xss vulnerability as there is no security filter of $_GET[‘dbhcms_pid’] variable in dbhcmspage.php line 107, Date published : 2020-08-24 https://github.com/fragrant10/cve/tree/master/dbhcms1.2.0#3

DBHcms v1.2.0 has a sensitive information leaks vulnerability as there is no security access control in /dbhcms/ext/news/ext.news.be.php, A remote unauthenticated attacker can exploit this vulnerability to get path information. Date published : 2020-08-24 https://github.com/fragrant10/cve/tree/master/dbhcms1.2.0#2

DBHcms v1.2.0 has a directory traversal vulnerability as there is no directory control function in directory /dbhcms/. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information. Date published : 2020-08-24 https://github.com/fragrant10/cve/tree/master/dbhcms1.2.0#1

A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when...

It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted...

It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to...

** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Server-Side Request Forgery (SSRF) vulnerability was found in Codiad v1.7.8 and later. A user with admin privileges could use the plugin install feature to make the...