dbhcms_project CVE Vulnerabilities & Metrics

Focus on dbhcms_project vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About dbhcms_project Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with dbhcms_project. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total dbhcms_project CVEs: 15
Earliest CVE date: 24 Aug 2020, 14:15 UTC
Latest CVE date: 24 Aug 2020, 15:15 UTC

Latest CVE reference: CVE-2020-19891

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical dbhcms_project CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 4.37

Max CVSS: 6.8

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	6
4.0-6.9	9
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS dbhcms_project CVEs

These are the five CVEs with the highest CVSS scores for dbhcms_project, sorted by severity first and recency.

CVE-2020-19889 dbhcms_project Published on 24 Aug 2020, 15:15 UTC (CVSS: 6.8)
DBHcms v1.2.0 has no CSRF protection mechanism,as demonstrated by CSRF for index.php?dbhcms_pid=-70 can add a user.
CVE-2020-19891 dbhcms_project Published on 24 Aug 2020, 15:15 UTC (CVSS: 6.5)
DBHcms v1.2.0 has an Arbitrary file write vulnerability in dbhcms\mod\mod.editor.php $_POST['updatefile'] is filename and $_POST['tinymce_content'] is file content, there is no filter function for security. A remote authenticated admin user can exploit this vulnerability to get a webshell.
CVE-2020-19878 dbhcms_project Published on 24 Aug 2020, 15:15 UTC (CVSS: 5.0)
DBHcms v1.2.0 has a sensitive information leaks vulnerability as there is no security access control in /dbhcms/ext/news/ext.news.be.php, A remote unauthenticated attacker can exploit this vulnerability to get path information.
CVE-2020-19877 dbhcms_project Published on 24 Aug 2020, 14:15 UTC (CVSS: 5.0)
DBHcms v1.2.0 has a directory traversal vulnerability as there is no directory control function in directory /dbhcms/. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information.
CVE-2020-19888 dbhcms_project Published on 24 Aug 2020, 15:15 UTC (CVSS: 4.3)
DBHcms v1.2.0 has an unauthorized operation vulnerability because there's no access control at line 175 of dbhcms\page.php for empty cache operation. This vulnerability can be exploited to empty a table.

All CVEs for dbhcms_project

CVE-2020-19891 dbhcms_project vulnerability CVSS: 6.5 24 Aug 2020, 15:15 UTC

DBHcms v1.2.0 has an Arbitrary file write vulnerability in dbhcms\mod\mod.editor.php $_POST['updatefile'] is filename and $_POST['tinymce_content'] is file content, there is no filter function for security. A remote authenticated admin user can exploit this vulnerability to get a webshell.

CVE-2020-19890 dbhcms_project vulnerability CVSS: 4.0 24 Aug 2020, 15:15 UTC

DBHcms v1.2.0 has an Arbitrary file read vulnerability in dbhcms\mod\mod.editor.php $_GET['file'] is filename,and as there is no filter function for security, you can read any file's content.

CVE-2020-19889 dbhcms_project vulnerability CVSS: 6.8 24 Aug 2020, 15:15 UTC

DBHcms v1.2.0 has no CSRF protection mechanism,as demonstrated by CSRF for index.php?dbhcms_pid=-70 can add a user.

CVE-2020-19888 dbhcms_project vulnerability CVSS: 4.3 24 Aug 2020, 15:15 UTC

DBHcms v1.2.0 has an unauthorized operation vulnerability because there's no access control at line 175 of dbhcms\page.php for empty cache operation. This vulnerability can be exploited to empty a table.

CVE-2020-19887 dbhcms_project vulnerability CVSS: 3.5 24 Aug 2020, 15:15 UTC

DBHcms v1.2.0 has a stored XSS vulnerability as there is no htmlspecialchars function for '$_POST['pageparam_insert_description']' variable in dbhcms\mod\mod.page.edit.php line 227, A remote authenticated with admin user can exploit this vulnerability to hijack other users.

CVE-2020-19886 dbhcms_project vulnerability CVSS: 4.3 24 Aug 2020, 15:15 UTC

DBHcms v1.2.0 has no CSRF protection mechanism,as demonstrated by CSRF for an /index.php?dbhcms_pid=-80&deletemenu=9 can delete any menu.

CVE-2020-19885 dbhcms_project vulnerability CVSS: 3.5 24 Aug 2020, 15:15 UTC

DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function for '$_POST['pageparam_insert_name']' variable in dbhcms\mod\mod.page.edit.php line 227, A remote authenticated with admin user can exploit this vulnerability to hijack other users.

CVE-2020-19884 dbhcms_project vulnerability CVSS: 3.5 24 Aug 2020, 15:15 UTC

DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function in dbhcms\mod\mod.domain.edit.php line 119.

CVE-2020-19883 dbhcms_project vulnerability CVSS: 3.5 24 Aug 2020, 15:15 UTC

DBHcms v1.2.0 has a stored xss vulnerability as there is no security filter in dbhcms\mod\mod.users.view.php line 57 for user_login, A remote authenticated with admin user can exploit this vulnerability to hijack other users.

CVE-2020-19882 dbhcms_project vulnerability CVSS: 3.5 24 Aug 2020, 15:15 UTC

DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function for 'menu_description' variable in dbhcms\mod\mod.menus.edit.php line 83 and in dbhcms\mod\mod.menus.view.php line 111, A remote authenticated with admin user can exploit this vulnerability to hijack other users.

CVE-2020-19881 dbhcms_project vulnerability CVSS: 3.5 24 Aug 2020, 15:15 UTC

DBHcms v1.2.0 has a reflected xss vulnerability as there is no security filter in dbhcms\mod\mod.selector.php line 108 for $_GET['return_name'] parameter, A remote authenticated with admin user can exploit this vulnerability to hijack other users.

CVE-2020-19880 dbhcms_project vulnerability CVSS: 4.3 24 Aug 2020, 15:15 UTC

DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function form 'Name' in dbhcms\types.php, A remote unauthenticated attacker can exploit this vulnerability to hijack other users.

CVE-2020-19879 dbhcms_project vulnerability CVSS: 4.3 24 Aug 2020, 15:15 UTC

DBHcms v1.2.0 has a stored xss vulnerability as there is no security filter of $_GET['dbhcms_pid'] variable in dbhcms\page.php line 107,

CVE-2020-19878 dbhcms_project vulnerability CVSS: 5.0 24 Aug 2020, 15:15 UTC

DBHcms v1.2.0 has a sensitive information leaks vulnerability as there is no security access control in /dbhcms/ext/news/ext.news.be.php, A remote unauthenticated attacker can exploit this vulnerability to get path information.

CVE-2020-19877 dbhcms_project vulnerability CVSS: 5.0 24 Aug 2020, 14:15 UTC

DBHcms v1.2.0 has a directory traversal vulnerability as there is no directory control function in directory /dbhcms/. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information.