Search Results (363163 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-19896 | 1 1234n | 1 Minicms | 2024-11-21 | 9.8 Critical |
| File inclusion vulnerability in Minicms v1.9 allows remote attackers to execute arbitrary PHP code via post-edit.php. | ||||
| CVE-2020-19891 | 1 Dbhcms Project | 1 Dbhcms | 2024-11-21 | 7.2 High |
| DBHcms v1.2.0 has an arbitrary file write vulnerability in dbhcms\mod\mod.editor.php: $_POST['updatefile'] is the filename and $_POST['tinymce_content'] is the file content, and there is no filter function for security. A remote authenticated admin user can exploit this vulnerability to get a webshell. | ||||
| CVE-2020-19890 | 1 Dbhcms Project | 1 Dbhcms | 2024-11-21 | 4.9 Medium |
| DBHcms v1.2.0 has an arbitrary file read vulnerability in dbhcms\mod\mod.editor.php: $_GET['file'] is the filename, and as there is no filter function for security, you can read any file's content. | ||||
| CVE-2020-19889 | 1 Dbhcms Project | 1 Dbhcms | 2024-11-21 | 8.8 High |
| DBHcms v1.2.0 has no CSRF protection mechanism, as demonstrated by a CSRF request to index.php?dbhcms_pid=-70 that can add a user. | ||||
| CVE-2020-19888 | 1 Dbhcms Project | 1 Dbhcms | 2024-11-21 | 5.9 Medium |
| DBHcms v1.2.0 has an unauthorized operation vulnerability because there is no access control at line 175 of dbhcms\page.php for the empty cache operation. This vulnerability can be exploited to empty a table. | ||||
| CVE-2020-19887 | 1 Dbhcms Project | 1 Dbhcms | 2024-11-21 | 4.8 Medium |
| DBHcms v1.2.0 has a stored XSS vulnerability as there is no htmlspecialchars function for the '$_POST['pageparam_insert_description']' variable in dbhcms\mod\mod.page.edit.php line 227. A remote authenticated admin user can exploit this vulnerability to hijack other users. | ||||
| CVE-2020-19886 | 1 Dbhcms Project | 1 Dbhcms | 2024-11-21 | 8.1 High |
| DBHcms v1.2.0 has no CSRF protection mechanism, as demonstrated by a CSRF request to /index.php?dbhcms_pid=-80&deletemenu=9 that can delete any menu. | ||||
| CVE-2020-19885 | 1 Dbhcms Project | 1 Dbhcms | 2024-11-21 | 4.8 Medium |
| DBHcms v1.2.0 has a stored XSS vulnerability as there is no htmlspecialchars function for the '$_POST['pageparam_insert_name']' variable in dbhcms\mod\mod.page.edit.php line 227. A remote authenticated admin user can exploit this vulnerability to hijack other users. | ||||
| CVE-2020-19884 | 1 Dbhcms Project | 1 Dbhcms | 2024-11-21 | 4.8 Medium |
| DBHcms v1.2.0 has a stored XSS vulnerability as there is no htmlspecialchars function in dbhcms\mod\mod.domain.edit.php line 119. | ||||
| CVE-2020-19883 | 1 Dbhcms Project | 1 Dbhcms | 2024-11-21 | 4.8 Medium |
| DBHcms v1.2.0 has a stored XSS vulnerability as there is no security filter in dbhcms\mod\mod.users.view.php line 57 for user_login. A remote authenticated admin user can exploit this vulnerability to hijack other users. | ||||
| CVE-2020-19882 | 1 Dbhcms Project | 1 Dbhcms | 2024-11-21 | 4.8 Medium |
| DBHcms v1.2.0 has a stored XSS vulnerability as there is no htmlspecialchars function for the 'menu_description' variable in dbhcms\mod\mod.menus.edit.php line 83 and in dbhcms\mod\mod.menus.view.php line 111. A remote authenticated admin user can exploit this vulnerability to hijack other users. | ||||
| CVE-2020-19881 | 1 Dbhcms Project | 1 Dbhcms | 2024-11-21 | 4.8 Medium |
| DBHcms v1.2.0 has a reflected XSS vulnerability as there is no security filter in dbhcms\mod\mod.selector.php line 108 for the $_GET['return_name'] parameter. A remote authenticated admin user can exploit this vulnerability to hijack other users. | ||||
| CVE-2020-19880 | 1 Dbhcms Project | 1 Dbhcms | 2024-11-21 | 6.1 Medium |
| DBHcms v1.2.0 has a stored XSS vulnerability as there is no htmlspecialchars function form 'Name' in dbhcms\types.php. A remote unauthenticated attacker can exploit this vulnerability to hijack other users. | ||||
| CVE-2020-19879 | 1 Dbhcms Project | 1 Dbhcms | 2024-11-21 | 6.1 Medium |
| DBHcms v1.2.0 has a stored xss vulnerability as there is no security filter of $_GET['dbhcms_pid'] variable in dbhcms\page.php line 107, | ||||
| CVE-2020-19878 | 1 Dbhcms Project | 1 Dbhcms | 2024-11-21 | 7.5 High |
| DBHcms v1.2.0 has a sensitive information leak vulnerability as there is no security access control in /dbhcms/ext/news/ext.news.be.php. A remote unauthenticated attacker can exploit this vulnerability to get path information. | ||||
| CVE-2020-19877 | 1 Dbhcms Project | 1 Dbhcms | 2024-11-21 | 5.3 Medium |
| DBHcms v1.2.0 has a directory traversal vulnerability as there is no directory control function in directory /dbhcms/. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information. | ||||
| CVE-2020-19861 | 1 Nlnetlabs | 1 Ldns | 2024-11-21 | 7.5 High |
| When ldns 1.7.1 parses a zone file, the function ldns_nsec3_salt_data places too much trust in the length value obtained from the zone file. In the memcpy, 0xfe - ldns_rdf_size(salt_rdf) bytes of data can be copied, causing a heap overflow information leak. | ||||
| CVE-2020-19860 | 1 Nlnetlabs | 1 Ldns | 2024-11-21 | 6.5 Medium |
| When ldns version 1.7.1 verifies a zone file, the ldns_rr_new_frm_str_internal function has a heap out-of-bounds read vulnerability. An attacker can leak information on the heap by constructing a zone file payload. | ||||
| CVE-2020-19858 | 1 Plutinosoft | 1 Platinum | 2024-11-21 | 7.5 High |
| Platinum Upnp SDK through 1.2.0 has a directory traversal vulnerability. An attacker could remotely attack a victim by sending the URL http://ip:port/../privacy.avi to compromise the victim's privacy. | ||||
| CVE-2020-19855 | 1 Phpwcms | 1 Phpwcms | 2024-11-21 | 6.1 Medium |
| phpwcms v1.9 contains a cross-site scripting (XSS) vulnerability in /image_zoom.php. | ||||