CVE-2020-19891

Name of the Vulnerable Software and Affected Versions DBHcms version 1.2.0

Description The issue allows a remote authenticated admin user to exploit an Arbitrary file write vulnerability. This is due to the lack of a filter function for security in the mod.editor.php file. Specifically, the $ POST['updatefile'] variable is used as the filename and the $ POST['tinymce content'] variable is used as the file content. This can be exploited to gain a webshell.

Recommendations For DBHcms version 1.2.0, as a temporary workaround, consider restricting access to the mod.editor.php file until a patch is available. Additionally, restrict the use of the $ POST['updatefile'] and $ POST['tinymce content'] variables to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.