32 matches found
PT-2025-5840 · Douphp · Douphp
Name of the Vulnerable Software and Affected Versions: DouPHP version 1.8 Release 20231203 Description: The issue allows attackers to execute arbitrary code via a crafted payload injected into the description parameter in "/admin/article.php" API endpoint. This enables attackers to perform...
CVE-2024-57599
Cross Site Scripting vulnerability in DouPHP v.1.8 Release 20231203 allows attackers to execute arbitrary code via a crafted payload injected into the description parameter in /admin/article.php...
CVE-2024-57599
Cross Site Scripting vulnerability in DouPHP v.1.8 Release 20231203 allows attackers to execute arbitrary code via a crafted payload injected into the description parameter in /admin/article.php...
CVE-2024-57599
CVE-2024-57599 affects DouPHP v1.8 Release 20231203. The vulnerability arises from improper handling of the description parameter in /admin/article.php, allowing an attacker to inject a crafted payload that leads to cross-site scripting and arbitrary code execution. Affected component: descriptio...
CVE-2024-7917
A vulnerability, which was classified as critical, has been found in DouPHP 1.7 Release 20220822. Affected by this issue is some unknown functionality of the file /admin/system.php of the component Favicon Handler. The manipulation of the argument sitefavicon leads to unrestricted upload. The...
CVE-2023-30205
A stored cross-site scripting XSS vulnerability in DouPHP v1.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the uniqueid parameter in /admin/article.php...
SQL injection vulnerability in DouPHP sn***.php file at Zhangzhou Beanshell Network Technology Co.
DouPHP is a lightweight enterprise website management system based on PHP+Mysql architecture, running on various platforms such as Linux, Windows, MacOSX, Solaris and so on. A SQL injection vulnerability exists in the DouPHP sn.php file of Zhangzhou Beanshell Network Technology Co. Ltd, which can...
Logic flaw vulnerability in Douphp lo***.php file
DouPHP is a lightweight enterprise website management system based on PHP+Mysql architecture, running on various platforms such as Linux, Windows, MacOSX, Solaris and so on. A logic flaw vulnerability exists in the Douphp lo.php file. Attackers can capture packets for blasting and obtain sensitiv...
Code execution vulnerability exists in DouPHP (CNVD-2019-29926)
DouPHP is a lightweight enterprise website management system based on PHP+Mysql architecture, running on various platforms such as Linux, Windows, MacOSX, Solaris and so on. DouPHP has a code execution vulnerability that can be exploited by attackers to gain control of the web server...
DouCo DouPHP Cross-Site Scripting Vulnerability (CNVD-2019-00999)
DouCo DouPHP is a lightweight open source CMS Content Management System based on PHP and MySQL. A cross-site scripting vulnerability exists in admin/article.php?rec=update in DouCo DouPHP version 1.5 20181221. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...
DouCo DouPHP cross-site scripting vulnerability (CNVD-2019-00997)
DouCo DouPHP is a lightweight open source CMS Content Management System based on PHP and MySQL. A cross-site scripting vulnerability exists in admin/product.php?rec=update in DouCo DouPHP version 1.5 20181221. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...
DouCo DouPHP Information Disclosure Vulnerability
DouCo DouPHP is a lightweight open source CMS Content Management System based on PHP and MySQL. A security vulnerability exists in DouCo DouPHP version 1.5 20181221. An attacker can exploit the vulnerability to obtain the full path in the error message 'Smarty error: unable to read resource' with...