Total
18 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-7917 | 1 Douco | 1 Douphp | 2024-08-21 | 5.8 MEDIUM | 7.2 HIGH |
A vulnerability, which was classified as critical, has been found in DouPHP 1.7 Release 20220822. Affected by this issue is some unknown functionality of the file /admin/system.php of the component Favicon Handler. The manipulation of the argument site_favicon leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2022-46438 | 1 Douco | 1 Douphp | 2024-02-28 | N/A | 5.4 MEDIUM |
A cross-site scripting (XSS) vulnerability in the /admin/article_category.php component of DouPHP v1.7 20221118 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the description parameter. | |||||
CVE-2022-25574 | 1 Douco | 1 Douphp | 2024-02-28 | 3.5 LOW | 4.8 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in the upload function of /admin/show.php allows attackers to execute arbitrary web scripts or HTML via a crafted image file. | |||||
CVE-2022-24131 | 1 Douco | 1 Douphp | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
DouPHP v1.6 Release 20220121 is affected by Cross Site Scripting (XSS) through /admin/login.php in the background, which will lead to JavaScript code execution. | |||||
CVE-2021-3370 | 1 Douco | 1 Douphp | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
DouPHP v1.6 was discovered to contain a cross-site scripting (XSS) vulnerability via /admin/cloud.php. | |||||
CVE-2019-12564 | 1 Douco | 1 Douphp | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
In DouCo DouPHP v1.5 Release 20190516, remote attackers can view the database backup file via a brute-force guessing approach for data/backup/DyyyymmddThhmmss.sql filenames. | |||||
CVE-2018-20557 | 1 Douco | 1 Douphp | 2024-02-28 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/page.php?rec=edit has XSS via the page_name parameter. | |||||
CVE-2018-20419 | 1 Douco | 1 Douphp | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
DouCo DouPHP 1.5 has upload/admin/manager.php?rec=insert CSRF to add an administrator account. | |||||
CVE-2018-20566 | 1 Douco | 1 Douphp | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in DouCo DouPHP 1.5 20181221. It allows full path disclosure in "Smarty error: unable to read resource" error messages for a crafted installation page. | |||||
CVE-2018-20564 | 1 Douco | 1 Douphp | 2024-02-28 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product_category.php?rec=update has XSS via the cat_name parameter. | |||||
CVE-2018-20558 | 1 Douco | 1 Douphp | 2024-02-28 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/system.php?rec=update has XSS via the site_name parameter. | |||||
CVE-2018-20565 | 1 Douco | 1 Douphp | 2024-02-28 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/nav.php?rec=update has XSS via the nav_name parameter. | |||||
CVE-2018-20563 | 1 Douco | 1 Douphp | 2024-02-28 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/mobile.php?rec=system&act=update has XSS via the mobile_name parameter. | |||||
CVE-2018-20562 | 1 Douco | 1 Douphp | 2024-02-28 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article_category.php?rec=update has XSS via the cat_name parameter. | |||||
CVE-2018-20567 | 1 Douco | 1 Douphp | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in DouCo DouPHP 1.5 20181221. \install\index.php allows a reload of the product in opportunistic circumstances in which install.lock cannot be read. | |||||
CVE-2018-20560 | 1 Douco | 1 Douphp | 2024-02-28 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/show.php?rec=update has XSS via the show_name parameter. | |||||
CVE-2018-20559 | 1 Douco | 1 Douphp | 2024-02-28 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product.php?rec=update has XSS via the name parameter. | |||||
CVE-2018-20561 | 1 Douco | 1 Douphp | 2024-02-28 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article.php?rec=update has XSS via the title parameter. |