PT-2020-15214 · Dbh · Dbhcms

Published

2020-08-24

Updated

2021-07-21

CVE-2020-19888

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions DBHcms version 1.2.0

Description The issue is related to an unauthorized operation due to a lack of access control. Specifically, at line 175 of dbhcmspage.php, there is no control for empty cache operations. This can be exploited to empty a table.

Recommendations For DBHcms version 1.2.0, consider adding access control to the empty cache operation at line 175 of dbhcmspage.php to prevent unauthorized actions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2020-19888

Affected Products

Dbhcms

PT-2020-15214 · Dbh · Dbhcms

CVE-2020-19888

Weakness Enumeration

Related Identifiers

Affected Products

References · 3