Lucene search

Douphp Security Vulnerabilities

cve

CVE-2023-30205

A stored cross-site scripting (XSS) vulnerability in DouPHP v1.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the unique_id parameter in...

4.8CVSS

4.9AI Score

0.0005EPSS

2023-05-03 09:15 PM

cve

CVE-2022-46438

A cross-site scripting (XSS) vulnerability in the /admin/article_category.php component of DouPHP v1.7 20221118 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the description...

5.4CVSS

5.3AI Score

0.001EPSS

2023-01-13 12:15 AM

cve

CVE-2022-24131

DouPHP v1.6 Release 20220121 is affected by Cross Site Scripting (XSS) through /admin/login.php in the background, which will lead to JavaScript code...

6.1CVSS

6.2AI Score

0.001EPSS

2022-03-30 12:15 PM

cve

CVE-2022-25574

A stored cross-site scripting (XSS) vulnerability in the upload function of /admin/show.php allows attackers to execute arbitrary web scripts or HTML via a crafted image...

4.8CVSS

4.9AI Score

0.001EPSS

2022-03-25 04:15 PM

cve

CVE-2021-3370

DouPHP v1.6 was discovered to contain a cross-site scripting (XSS) vulnerability via...

6.1CVSS

6AI Score

0.001EPSS

2021-12-08 04:15 AM

cve

CVE-2019-12564

In DouCo DouPHP v1.5 Release 20190516, remote attackers can view the database backup file via a brute-force guessing approach for data/backup/DyyyymmddThhmmss.sql...

9.8CVSS

7.5AI Score

0.033EPSS

2019-06-03 12:29 AM

cve

CVE-2018-20560

An issue was discovered in DouCo DouPHP 1.5 20181221. admin/show.php?rec=update has XSS via the show_name...

4.8CVSS

6.2AI Score

0.001EPSS

2018-12-28 04:29 PM

cve

CVE-2018-20562

An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article_category.php?rec=update has XSS via the cat_name...

4.8CVSS

6.2AI Score

0.001EPSS

2018-12-28 04:29 PM

cve

CVE-2018-20566

An issue was discovered in DouCo DouPHP 1.5 20181221. It allows full path disclosure in "Smarty error: unable to read resource" error messages for a crafted installation...

5.3CVSS

7AI Score

0.001EPSS

2018-12-28 04:29 PM

cve

CVE-2018-20559

An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product.php?rec=update has XSS via the name...

4.8CVSS

6.2AI Score

0.001EPSS

2018-12-28 04:29 PM

cve

CVE-2018-20558

An issue was discovered in DouCo DouPHP 1.5 20181221. admin/system.php?rec=update has XSS via the site_name...

4.8CVSS

6.2AI Score

0.001EPSS

2018-12-28 04:29 PM

cve

CVE-2018-20565

An issue was discovered in DouCo DouPHP 1.5 20181221. admin/nav.php?rec=update has XSS via the nav_name...

4.8CVSS

6.2AI Score

0.001EPSS

2018-12-28 04:29 PM

cve

CVE-2018-20563

An issue was discovered in DouCo DouPHP 1.5 20181221. admin/mobile.php?rec=system&act=update has XSS via the mobile_name...

4.8CVSS

6.2AI Score

0.001EPSS

2018-12-28 04:29 PM

cve

CVE-2018-20567

An issue was discovered in DouCo DouPHP 1.5 20181221. \install\index.php allows a reload of the product in opportunistic circumstances in which install.lock cannot be...

5.3CVSS

7.3AI Score

0.001EPSS

2018-12-28 04:29 PM

cve

CVE-2018-20564

An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product_category.php?rec=update has XSS via the cat_name...

4.8CVSS

6.2AI Score

0.001EPSS

2018-12-28 04:29 PM

cve

CVE-2018-20557

An issue was discovered in DouCo DouPHP 1.5 20181221. admin/page.php?rec=edit has XSS via the page_name...

4.8CVSS

6.2AI Score

0.001EPSS

2018-12-28 04:29 PM

cve

CVE-2018-20561

An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article.php?rec=update has XSS via the title...

4.8CVSS

6.2AI Score

0.001EPSS

2018-12-28 04:29 PM

cve

CVE-2018-20419

DouCo DouPHP 1.5 has upload/admin/manager.php?rec=insert CSRF to add an administrator...

8.8CVSS

7.4AI Score

0.001EPSS

2018-12-24 03:29 AM