An issue was discovered in DOYO (aka doyocms) 2.3 through 2015-05-06. It has admin.php XSS.
4.8CVSS
5.2AI Score
0.001EPSS
File Upload vulnerability found in Milken DoyoCMS v.2.3 allows a remote attacker to execute arbitrary code via the upload file type parameter.
9.8CVSS
9.6AI Score
0.003EPSS
Cross Site Request Forgery vulnerability found in Milken DoyoCMS v.2.3 allows a remote attacker to execute arbitrary code via the background system settings.
8.8CVSS
8.8AI Score
0.003EPSS
A SQL injection vulnerability in admin.php of DOYOCMS 2.3 allows attackers to execute arbitrary SQL commands via the orders[] parameter.
8.8CVSS
9.1AI Score
0.001EPSS
SQL Injection vulnerability in pay.php in millken doyocms 2.3, allows attackers to execute arbitrary code, via the attribute parameter.
9.8CVSS
9.9AI Score
0.002EPSS
Arbitrary file upload vulnerability sysupload.php in millken doyocms 2.3 allows attackers to execute arbitrary code.
9.8CVSS
9.7AI Score
0.003EPSS