74 matches found
CVE-2018-20565
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/nav.php?rec=update has XSS via the navname parameter...
CVE-2018-20567
An issue was discovered in DouCo DouPHP 1.5 20181221. \install\index.php allows a reload of the product in opportunistic circumstances in which install.lock cannot be read...
CVE-2018-20562
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/articlecategory.php?rec=update has XSS via the catname parameter...
Design/Logic Flaw
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/show.php?rec=update has XSS via the showname parameter...
Default credentials
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/nav.php?rec=update has XSS via the navname parameter...
Path traversal
An issue was discovered in DouCo DouPHP 1.5 20181221. It allows full path disclosure in "Smarty error: unable to read resource" error messages for a crafted installation page...
Design/Logic Flaw
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product.php?rec=update has XSS via the name parameter...
Default credentials
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article.php?rec=update has XSS via the title parameter...
Design/Logic Flaw
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/productcategory.php?rec=update has XSS via the catname parameter...
Design/Logic Flaw
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/articlecategory.php?rec=update has XSS via the catname parameter...
Design/Logic Flaw
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/page.php?rec=edit has XSS via the pagename parameter...
Design/Logic Flaw
An issue was discovered in DouCo DouPHP 1.5 20181221. \install\index.php allows a reload of the product in opportunistic circumstances in which install.lock cannot be read...
Design/Logic Flaw
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/mobile.php?rec=system&act=update has XSS via the mobilename parameter...
CVE-2018-20559
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product.php?rec=update has XSS via the name parameter...
CVE-2018-20566
An issue was discovered in DouCo DouPHP 1.5 20181221. It allows full path disclosure in "Smarty error: unable to read resource" error messages for a crafted installation page...
CVE-2018-20563
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/mobile.php?rec=system&act=update has XSS via the mobilename parameter...
CVE-2018-20558
CVE-2018-20558 affects DouCo DouPHP 1.5 (20181221). The vulnerability is a Cross-Site Scripting (XSS) flaw in admin/system.php?rec=update, exploitable via the site_name parameter . This could allow an attacker to inject arbitrary web script/HTML that is rendered by a user’s browser; CVSS scores i...
CVE-2018-20562
Vulnerability summary (CVE-2018-20562): DouCo DouPHP 1.5 (build 20181221) contains a cross-site scripting flaw in admin/article_category.php?rec=update, exploitable through the cat_name parameter. The issue is that user-supplied input can be reflected in the page without proper sanitization, enab...
CVE-2018-20560
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/show.php?rec=update has XSS via the showname parameter...
CVE-2018-20567
CVE-2018-20567 affects DouCo DouPHP 1.5 (20181221). The issue resides in install\index.php, allowing a reload of the product in opportunistic scenarios when install.lock cannot be read. The vulnerability description does not provide exploit details or affected sub-components beyond this path and ...