DouCo DouPHP Cross-Site Scripting Vulnerability (CNVD-2019-01001)

DouCo DouPHP is a lightweight open source CMS Content Management System based on PHP and MySQL. A cross-site scripting vulnerability exists in admin/mobile.php?rec=system&act=update in DouCo DouPHP version 1.5 20181221. A remote attacker can exploit this vulnerability to inject arbitrary web scri...

CVE-2018-20419

DouCo DouPHP 1.5 has upload/admin/manager.php?rec=insert CSRF to add an administrator account...