CVE-2020-19891

7.2 HIGH

📋 TL;DR

DBHcms v1.2.0 contains an arbitrary file write vulnerability in the editor module that allows authenticated admin users to write arbitrary content to any file on the server. This enables attackers to upload webshells and gain remote code execution. Only DBHcms v1.2.0 installations with admin user access are affected.

💻 Affected Systems

Products:
  • DBHcms
Versions: v1.2.0
Operating Systems: All operating systems running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated admin user access; vulnerability exists in default installation


⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise via webshell, leading to data theft, ransomware deployment, or use of the host as an attack platform

🟠 Likely Case

Webshell installation leading to data exfiltration, defacement, or lateral movement within the network

🟢 If Mitigated

Limited impact due to proper access controls, file permissions, and monitoring

🌐 Internet-Facing: HIGH - Internet-facing instances allow remote authenticated attackers to gain webshell access
🏢 Internal Only: MEDIUM - Requires authenticated admin access, but internal threats or compromised credentials still pose risk

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires admin credentials; public proof-of-concept exists in GitHub repositories

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None known

Restart Required: No

Instructions:

No official patch is available. Upgrade to a newer version if one exists, or implement the workarounds below.

🔧 Temporary Workarounds

Input Validation for Editor Module

Platform: all

Add file extension validation and path sanitization to mod.editor.php

Edit dbhcms\mod\mod.editor.php to validate $_POST['updatefile'] against allowed file extensions and paths
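The validation this workaround describes, written out as an added example (this is not DBHcms's own code): a helper called in mod.editor.php before the write, which confines the target to an allowed directory and an allowlist of non-executable extensions. The updatefile parameter name comes from this advisory; EDITOR_ROOT, ALLOWED_EXT, resolve_editor_target and the content parameter are assumptions for the example.

```php
<?php
// Added hardening example, not DBHcms code. Assumed values:
const EDITOR_ROOT = '/var/www/dbhcms/content';      // assumed editable tree
const ALLOWED_EXT = ['html', 'htm', 'css', 'txt', 'md']; // never php/phtml/phar

/**
 * Returns the canonical target path if $requested is safe, otherwise null.
 * Rejects null bytes, odd file names, any extension outside the allowlist,
 * and any path that resolves outside EDITOR_ROOT (covers "../" traversal
 * and absolute paths, since the request is always joined onto the root).
 */
function resolve_editor_target(string $requested): ?string
{
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    // Only a plain file name component: letters, digits, dot, dash, underscore.
    $name = basename($requested);
    if (!preg_match('/^[A-Za-z0-9_-][A-Za-z0-9._-]*$/', $name)) {
        return null;
    }
    // Compare the extension case-insensitively so "FILE.PHP" is not let through.
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) {
        return null;
    }
    // realpath() collapses ".." segments, so the result can be prefix-checked.
    $root = realpath(EDITOR_ROOT);
    $dir  = ($root === false) ? false : realpath($root . '/' . dirname($requested));
    if ($root === false || $dir === false) {
        return null; // root missing, or target directory does not exist
    }
    if ($dir !== $root && strpos($dir, $root . DIRECTORY_SEPARATOR) !== 0) {
        return null; // resolved outside the editable tree
    }
    return $dir . DIRECTORY_SEPARATOR . $name;
}

// Usage at the top of the write handler (parameter "content" is assumed):
$target = resolve_editor_target((string) ($_POST['updatefile'] ?? ''));
if ($target === null) {
    http_response_code(400);
    exit('Rejected: target outside editor root or disallowed extension');
}
file_put_contents($target, (string) ($_POST['content'] ?? ''));
```

Rejected requests are worth logging with the raw updatefile value, since they are exactly the POSTs the Detection section below says to watch for.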

File Permission Restrictions

Platform: linux

Set strict file permissions on web directories to prevent PHP file execution

# PHP sources readable but not writable by the web server user
chmod 644 *.php
# upload directory traversable, writable only by its owner
chmod 755 uploads/
# deny all access to directories that should never be served or written
chmod 000 dangerous_directories/
# Caveat: the execute bit does not decide whether the web server interprets
# a .php file; the PHP handler configuration does. Use these permissions
# together with the editor input validation above, not instead of it.

🧯 If You Can't Patch

  • Implement strict access controls and multi-factor authentication for admin accounts
  • Deploy web application firewall (WAF) rules to block file write attempts to unauthorized locations

🔍 How to Verify

Check if Vulnerable:

Check if running DBHcms v1.2.0 and examine dbhcms\mod\mod.editor.php for lack of input validation on $_POST['updatefile']

Check Version:

Check DBHcms configuration files or admin panel for version information

Verify Fix Applied:

Test if arbitrary file writes are prevented by attempting to write to unauthorized locations via editor module

📡 Detection & Monitoring

Log Indicators:

  • Unusual file write operations in web server logs
  • POST requests to mod.editor.php with suspicious filenames
  • Creation of unexpected PHP files in web directories

Network Indicators:

  • HTTP POST requests containing file write patterns to editor endpoint
  • Unusual outbound connections from web server

SIEM Query:

source="web_logs" AND uri="/dbhcms/mod/mod.editor.php" AND method="POST" AND (filename="*.php" OR filename="*.exe" OR filename="*.sh")
