64 matches found
CVE-2018-20561
CVE-2018-20561 affects DouCo DouPHP 1.5 20181221. The vulnerability is a stored/reflected XSS in admin/article.php?rec=update via the title parameter, enabling injection of arbitrary script/HTML as described in multiple sources. Affected component is the admin interface (article update logic) and...
CVE-2018-20567
An issue was discovered in DouCo DouPHP 1.5 20181221. \install\index.php allows a reload of the product in opportunistic circumstances in which install.lock cannot be read...
CVE-2018-20419
DouCo DouPHP 1.5 has upload/admin/manager.php?rec=insert CSRF to add an administrator account...
Cross site request forgery (csrf)
DouCo DouPHP 1.5 has upload/admin/manager.php?rec=insert CSRF to add an administrator account...