Note: This project will be discontinued after December 13, 2021.
Product: Douphp (Douco)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 19 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2025-02-06 | CVE-2024-57599 | Cross Site Scripting vulnerability in DouPHP v.1.8 Release 20231203 allows attackers to execute arbitrary code via a crafted payload injected into the description parameter in /admin/article.php | Douphp | N/A | ||
2021-12-08 | CVE-2021-3370 | DouPHP v1.6 was discovered to contain a cross-site scripting (XSS) vulnerability via /admin/cloud.php. | Douphp | 6.1 | ||
2022-03-25 | CVE-2022-25574 | A stored cross-site scripting (XSS) vulnerability in the upload function of /admin/show.php allows attackers to execute arbitrary web scripts or HTML via a crafted image file. | Douphp | 4.8 | ||
2022-03-30 | CVE-2022-24131 | DouPHP v1.6 Release 20220121 is affected by Cross Site Scripting (XSS) through /admin/login.php in the background, which will lead to JavaScript code execution. | Douphp | 6.1 | ||
2023-01-13 | CVE-2022-46438 | A cross-site scripting (XSS) vulnerability in the /admin/article_category.php component of DouPHP v1.7 20221118 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the description parameter. | Douphp | 5.4 | ||
2024-08-18 | CVE-2024-7917 | A vulnerability, which was classified as critical, has been found in DouPHP 1.7 Release 20220822. Affected by this issue is some unknown functionality of the file /admin/system.php of the component Favicon Handler. The manipulation of the argument site_favicon leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | Douphp | 7.2 | ||
2019-06-03 | CVE-2019-12564 | In DouCo DouPHP v1.5 Release 20190516, remote attackers can view the database backup file via a brute-force guessing approach for data/backup/DyyyymmddThhmmss.sql filenames. | Douphp | 9.8 | ||
2018-12-28 | CVE-2018-20567 | An issue was discovered in DouCo DouPHP 1.5 20181221. \install\index.php allows a reload of the product in opportunistic circumstances in which install.lock cannot be read. | Douphp | 5.3 | ||
2018-12-28 | CVE-2018-20566 | An issue was discovered in DouCo DouPHP 1.5 20181221. It allows full path disclosure in "Smarty error: unable to read resource" error messages for a crafted installation page. | Douphp | 5.3 | ||
2018-12-28 | CVE-2018-20565 | An issue was discovered in DouCo DouPHP 1.5 20181221. admin/nav.php?rec=update has XSS via the nav_name parameter. | Douphp | 4.8 | ||