CVE-2018-20560
The CVE-2018-20560 entry concerns DouCo DouPHP 1.5 (build 20181221). The vulnerability is a Cross-Site Scripting (XSS) flaw in admin/show.php?rec=update, exploitable via the show_name parameter. The Red Hat/CNVD/CVE cross-referenced entries corroborate the same issue. The available sources do not...
CVE-2018-20566
CVE-2018-20566 affects DouCo DouPHP 1.5 20181221. A crafted installation page can trigger a Smarty error: unable to read resource, leading to full path disclosure. The issue is documented across multiple sources (NVD, Red Hat, CNVD, CVE lists) with the same symptom, but the provided documents do ...
CVE-2018-20566
An issue was discovered in DouCo DouPHP 1.5 20181221. It allows full path disclosure in "Smarty error: unable to read resource" error messages for a crafted installation page...
CVE-2018-20558
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/system.php?rec=update has XSS via the sitename parameter...
CVE-2018-20560
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/show.php?rec=update has XSS via the showname parameter...
CVE-2018-20567
CVE-2018-20567 affects DouCo DouPHP 1.5 (20181221). The issue resides in install\index.php, allowing a reload of the product in opportunistic scenarios when install.lock cannot be read. The vulnerability description does not provide exploit details or affected sub-components beyond this path and ...
CVE-2018-20565
DouCo DouPHP 1.5 (20181221) is affected by a Cross-Site Scripting (XSS) in admin/nav.php?rec=update via the nav_name parameter. The vulnerability could allow injection of arbitrary web script or HTML in the admin context. No exploit details or definitive remediation are provided in the connected ...
CVE-2018-20563
DouPHP 1.5 (build 20181221) is affected by a Cross-Site Scripting (XSS) vulnerability in admin/mobile.php?rec=system&act=update via the mobile_name parameter. This CVE-2018-20563 is consistently described across NVD, Red Hat, CNVD, CVE lists and related records as an XSS issue; no patch/remediati...
CVE-2018-20558
CVE-2018-20558 affects DouCo DouPHP 1.5 (20181221). The vulnerability is a Cross-Site Scripting (XSS) flaw in admin/system.php?rec=update, exploitable via the site_name parameter. This could allow an attacker to inject arbitrary web script/HTML that is rendered by a user’s browser; CVSS scores i...
CVE-2018-20559
The CVE-2018-20559 entry affects DouCo DouPHP 1.5 (build 20181221). The vulnerability is an XSS flaw in admin/product.php?rec=update that is exploitable via the name parameter, enabling injection of arbitrary script/HTML. Underlying cause: insufficient input sanitization on the name field. Docume...
CVE-2018-20561
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article.php?rec=update has XSS via the title parameter...
CVE-2018-20562
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/articlecategory.php?rec=update has XSS via the catname parameter...
CVE-2018-20564
CVE-2018-20564 affects DouCo DouPHP 1.5 20181221. The issue is a cross-site scripting (XSS) vulnerability in admin/product_category.php?rec=update via the bidirectional cat_name parameter. The root cause is improper handling of input in that parameter, leading to script injection and potential cl...
CVE-2018-20561
CVE-2018-20561 affects DouCo DouPHP 1.5 20181221. The vulnerability is a stored/reflected XSS in admin/article.php?rec=update via the title parameter, enabling injection of arbitrary script/HTML as described in multiple sources. Affected component is the admin interface (article update logic) and...
CVE-2018-20557
DouCo DouPHP 1.5 (build 20181221) is affected by a stored/reflected cross-site scripting vulnerability in admin/page.php?rec=edit via the page_name parameter. The issue arises from improper handling of input, permitting injection of arbitrary web script or HTML. Public writeups (CNVD/NVD) describ...
CVE-2018-20419
DouCo DouPHP 1.5 has upload/admin/manager.php?rec=insert CSRF to add an administrator account...
Cross-site request forgery (CSRF)
DouCo DouPHP 1.5 has upload/admin/manager.php?rec=insert CSRF to add an administrator account...
CVE-2018-20419
CVE-2018-20419 affects DouCo DouPHP 1.5. The flaw arises from a CSRF in the upload/admin/manager.php?rec=insert endpoint, which can be used to incrementally add an administrator account. According to the NVD entry, the vulnerability has a CMS-level impact across confidentiality, integrity, and av...