CVE-2020-19888

{"id": "CVE-2020-19888", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2020-08-24T15:15:13.847", "references": [{"url": "https://github.com/fragrant10/cve/tree/master/dbhcms1.2.0#13", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/fragrant10/cve/tree/master/dbhcms1.2.0#13", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "DBHcms v1.2.0 has an unauthorized operation vulnerability because there's no access control at line 175 of dbhcms\\page.php for empty cache operation. This vulnerability can be exploited to empty a table."}, {"lang": "es", "value": "DBHcms versi\u00f3n v1.2.0, presenta una vulnerabilidad de operaci\u00f3n no autorizada porque no presenta un control de acceso en la l\u00ednea 175 del archivo dbhcms\\page.php para la operaci\u00f3n de cach\u00e9 vac\u00eda. Esta vulnerabilidad puede ser explotada para vaciar una tabla."}], "lastModified": "2024-11-21T05:09:27.950", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dbhcms_project:dbhcms:1.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DDAE8FC9-A3BC-4740-8008-FAE4B110F4FE"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}