The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2020-19907 | A command injection vulnerability in the sandcat plugin of Caldera 2.3.1 and earlier allows authenticated attackers to execute any command or service. | MEDIUM | Jul 15, 2021 |
| CVE-2020-19902 | Directory Traversal vulnerability found in Cryptoprof WCMS v.0.3.2 allows a remote attacker to execute arbitrary code via the wex/cssjs.php parameter. | -- | Jun 27, 2023 |
| CVE-2020-19897 | A reflected Cross Site Scripting (XSS) in wuzhicms v4.1.0 allows remote attackers to execute arbitrary web script or HTML via the imgurl parameter. | MEDIUM | Jun 29, 2022 |
| CVE-2020-19896 | File inclusion vulnerability in Minicms v1.9 allows remote attackers to execute arbitary PHP code via post-edit.php. | HIGH | Jun 29, 2022 |
| CVE-2020-19891 | DBHcms v1.2.0 has an Arbitrary file write vulnerability in dbhcms\\mod\\mod.editor.php $_POST[\'updatefile\'] is filename and $_POST[\'tinymce_content\'] is file content, there is no filter function for security. A remote authenticated admin user can exploit this vulnerability to get a webshell. | MEDIUM | Aug 25, 2020 |
| CVE-2020-19890 | DBHcms v1.2.0 has an Arbitrary file read vulnerability in dbhcms\\mod\\mod.editor.php $_GET[\'file\'] is filename,and as there is no filter function for security, you can read any file\'s content. | MEDIUM | Aug 25, 2020 |
| CVE-2020-19889 | DBHcms v1.2.0 has no CSRF protection mechanism,as demonstrated by CSRF for index.php?dbhcms_pid=-70 can add a user. | MEDIUM | Aug 26, 2020 |
| CVE-2020-19888 | DBHcms v1.2.0 has an unauthorized operation vulnerability because there\'s no access control at line 175 of dbhcms\\page.php for empty cache operation. This vulnerability can be exploited to empty a table. | MEDIUM | Aug 25, 2020 |
| CVE-2020-19887 | DBHcms v1.2.0 has a stored XSS vulnerability as there is no htmlspecialchars function for \'$_POST[\'pageparam_insert_description\']\' variable in dbhcms\\mod\\mod.page.edit.php line 227, A remote authenticated with admin user can exploit this vulnerability to hijack other users. | LOW | Aug 25, 2020 |
| CVE-2020-19886 | DBHcms v1.2.0 has no CSRF protection mechanism,as demonstrated by CSRF for an /index.php?dbhcms_pid=-80&deletemenu=9 can delete any menu. | MEDIUM | Aug 25, 2020 |
| CVE-2020-19885 | DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function for \'$_POST[\'pageparam_insert_name\']\' variable in dbhcms\\mod\\mod.page.edit.php line 227, A remote authenticated with admin user can exploit this vulnerability to hijack other users. | LOW | Aug 25, 2020 |
| CVE-2020-19884 | DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function in dbhcms\\mod\\mod.domain.edit.php line 119. | LOW | Aug 25, 2020 |
| CVE-2020-19883 | DBHcms v1.2.0 has a stored xss vulnerability as there is no security filter in dbhcms\\mod\\mod.users.view.php line 57 for user_login, A remote authenticated with admin user can exploit this vulnerability to hijack other users. | LOW | Aug 25, 2020 |
| CVE-2020-19882 | DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function for \'menu_description\' variable in dbhcms\\mod\\mod.menus.edit.php line 83 and in dbhcms\\mod\\mod.menus.view.php line 111, A remote authenticated with admin user can exploit this vulnerability to hijack other users. | LOW | Aug 25, 2020 |
| CVE-2020-19881 | DBHcms v1.2.0 has a reflected xss vulnerability as there is no security filter in dbhcms\\mod\\mod.selector.php line 108 for $_GET[\'return_name\'] parameter, A remote authenticated with admin user can exploit this vulnerability to hijack other users. | LOW | Aug 25, 2020 |
| CVE-2020-19880 | DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function form \'Name\' in dbhcms\\types.php, A remote unauthenticated attacker can exploit this vulnerability to hijack other users. | MEDIUM | Aug 25, 2020 |
| CVE-2020-19879 | DBHcms v1.2.0 has a stored xss vulnerability as there is no security filter of $_GET[\'dbhcms_pid\'] variable in dbhcms\\page.php line 107, | MEDIUM | Aug 25, 2020 |
| CVE-2020-19878 | DBHcms v1.2.0 has a sensitive information leaks vulnerability as there is no security access control in /dbhcms/ext/news/ext.news.be.php, A remote unauthenticated attacker can exploit this vulnerability to get path information. | MEDIUM | Aug 25, 2020 |
| CVE-2020-19877 | DBHcms v1.2.0 has a directory traversal vulnerability as there is no directory control function in directory /dbhcms/. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information. | MEDIUM | Aug 25, 2020 |
| CVE-2020-19861 | When a zone file in ldns 1.7.1 is parsed, the function ldns_nsec3_salt_data is too trusted for the length value obtained from the zone file. When the memcpy is copied, the 0xfe - ldns_rdf_size(salt_rdf) byte data can be copied, causing heap overflow information leakage. | MEDIUM | Jan 21, 2022 |
| CVE-2020-19860 | When ldns version 1.7.1 verifies a zone file, the ldns_rr_new_frm_str_internal function has a heap out of bounds read vulnerability. An attacker can leak information on the heap by constructing a zone file payload. | MEDIUM | Jan 21, 2022 |
| CVE-2020-19858 | Platinum Upnp SDK through 1.2.0 has a directory traversal vulnerability. The attack could remote attack victim by sending http://ip:port/../privacy.avi URL to compromise a victim\'s privacy. | MEDIUM | Jan 21, 2022 |
| CVE-2020-19855 | phpwcms v1.9 contains a cross-site scripting (XSS) vulnerability in /image_zoom.php. | MEDIUM | Sep 10, 2021 |
| CVE-2020-19853 | BlueCMS v1.6 contains a SQL injection vulnerability via /ad_js.php. | HIGH | Sep 10, 2021 |
| CVE-2020-19850 | An issue found in Directus API v.2.2.0 allows a remote attacker to cause a denial of service via a great amount of HTTP requests. | -- | Apr 4, 2023 |
| CVE-2020-19825 | Cross Site Scripting (XSS) vulnerability in kevinpapst kimai2 1.30.0 in /src/Twig/Runtime/MarkdownExtension.php, allows attackers to gain escalated privileges. | -- | Feb 16, 2023 |
| CVE-2020-19824 | An issue in MPV v.0.29.1 fixed in v0.30 allows attackers to execute arbitrary code and crash program via the ao_c parameter. | -- | Feb 17, 2023 |
| CVE-2020-19822 | A remote code execution (RCE) vulnerability in template_user.php of ZZCMS version 2018 allows attackers to execute arbitrary PHP code via the ml and title parameters. | MEDIUM | Aug 26, 2021 |
| CVE-2020-19821 | A SQL injection vulnerability in admin.php of DOYOCMS 2.3 allows attackers to execute arbitrary SQL commands via the orders[] parameter. | MEDIUM | Aug 26, 2021 |
| CVE-2020-19803 | Cross Site Request Forgery vulnerability found in Milken DoyoCMS v.2.3 allows a remote attacker to execute arbitrary code via the background system settings. | -- | Apr 11, 2023 |
| CVE-2020-19802 | File Upload vulnerability found in Milken DoyoCMS v.2.3 allows a remote attacker to execute arbitrary code via the upload file type parameter. | -- | Apr 11, 2023 |
| CVE-2020-19786 | File upload vulnerability in CSKaza CSZ CMS v.1.2.2 fixed in v1.2.4 allows attacker to execute aritrary commands and code via crafted PHP file. | -- | Mar 24, 2023 |
| CVE-2020-19778 | Incorrect Access Control in Shopxo v1.4.0 and v1.5.0 allows remote attackers to gain privileges in /index.php by manipulating the parameter user_id in the HTML request. | HIGH | Apr 14, 2021 |
| CVE-2020-19770 | A cross-site scripting (XSS) vulnerability in the system bulletin component of WUZHI CMS v4.1.0 allows attackers to steal the admin\'s cookie. | LOW | Dec 21, 2021 |
| CVE-2020-19769 | A lack of target address verification in the BurnMe() function of Rob The Bank 1.0 allows attackers to steal tokens from victim users via a crafted script. | MEDIUM | Sep 8, 2021 |
| CVE-2020-19768 | A lack of target address verification in the selfdestructs() function of ICOVO 1.0 allows attackers to steal tokens from victim users via a crafted script. | MEDIUM | Sep 8, 2021 |
| CVE-2020-19767 | A lack of target address verification in the destroycontract() function of 0xRACER 1.0 allows attackers to steal tokens from victim users via a crafted script. | MEDIUM | Sep 8, 2021 |
| CVE-2020-19766 | The time check operation of PepeAuctionSale 1.0 can be rendered ineffective by assigning a large number to the _duration variable, compromising access control to the application. | MEDIUM | Sep 8, 2021 |
| CVE-2020-19765 | An issue in the noReentrance() modifier of the Ethereum-based contract Accounting 1.0 allows attackers to carry out a reentrancy attack. | MEDIUM | Sep 8, 2021 |
| CVE-2020-19762 | Automated Logic Corporation (ALC) WebCTRL System 6.5 and prior allows remote attackers to execute any JavaScript code via a XSS payload for the first parameter in a GET request. | MEDIUM | Feb 26, 2021 |
| CVE-2020-19752 | The find_color_or_error function in gifsicle 1.92 contains a NULL pointer dereference. | MEDIUM | Sep 10, 2021 |
| CVE-2020-19751 | An issue was discovered in gpac 0.8.0. The gf_odf_del_ipmp_tool function in odf_code.c has a heap-based buffer over-read. | MEDIUM | Sep 10, 2021 |
| CVE-2020-19750 | An issue was discovered in gpac 0.8.0. The strdup function in box_code_base.c has a heap-based buffer over-read. | MEDIUM | Sep 10, 2021 |
| CVE-2020-19726 | An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data allows attackers to read or write to system memory or cause a denial of service. | LOW | Aug 22, 2023 |
| CVE-2020-19725 | There is a use-after-free vulnerability in file pdd_simplifier.cpp in Z3 before 4.8.8. It occurs when the solver attempt to simplify the constraints and causes unexpected memory access. It can cause segmentation faults or arbitrary code execution. | -- | Aug 22, 2023 |
| CVE-2020-19724 | A memory consumption issue in get_data function in binutils/nm.c in GNU nm before 2.34 allows attackers to cause a denial of service via crafted command. | LOW | Aug 22, 2023 |
| CVE-2020-19722 | An unhandled memory allocation failure in Core/Ap4Atom.cpp of Bento 1.5.1-628 causes a direct copy to NULL pointer dereference, leading to a denial of service (DOS). | MEDIUM | Jul 15, 2021 |
| CVE-2020-19721 | A heap buffer overflow vulnerability in Ap4TrunAtom.cpp of Bento 1.5.1-628 may lead to an out-of-bounds write while running mp42aac, leading to system crashes and a denial of service (DOS). | MEDIUM | Jul 15, 2021 |
| CVE-2020-19720 | An unhandled memory allocation failure in Core/AP4IkmsAtom.cpp of Bento 1.5.1-628 causes a NULL pointer dereference, leading to a denial of service (DOS). | MEDIUM | Jul 15, 2021 |
| CVE-2020-19719 | A buffer overflow vulnerability in Ap4ElstAtom.cpp of Bento 1.5.1-628 leads to a denial of service (DOS). | MEDIUM | Jul 15, 2021 |
