CVE-2022-24131

DouPHP v1.6 Release 20220121 is affected by Cross Site Scripting XSS through /admin/login.php in the background, which will lead to JavaScript code execution...

CVE-2021-3370

DouPHP v1.6 was discovered to contain a cross-site scripting XSS vulnerability via /admin/cloud.php...

CVE-2018-20566

An issue was discovered in DouCo DouPHP 1.5 20181221. It allows full path disclosure in "Smarty error: unable to read resource" error messages for a crafted installation page...

CVE-2018-20563

An issue was discovered in DouCo DouPHP 1.5 20181221. admin/mobile.php?rec=system=update has XSS via the mobilename parameter...

CVE-2018-20419

DouCo DouPHP 1.5 has upload/admin/manager.php?rec=insert CSRF to add an administrator account...

CVE-2018-20557

An issue was discovered in DouCo DouPHP 1.5 20181221. admin/page.php?rec=edit has XSS via the pagename parameter...

CVE-2018-20559

An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product.php?rec=update has XSS via the name parameter...

CVE-2018-20565

An issue was discovered in DouCo DouPHP 1.5 20181221. admin/nav.php?rec=update has XSS via the navname parameter...

CVE-2018-20561

An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article.php?rec=update has XSS via the title parameter...

CVE-2018-20562

An issue was discovered in DouCo DouPHP 1.5 20181221. admin/articlecategory.php?rec=update has XSS via the catname parameter...

CVE-2018-20564

An issue was discovered in DouCo DouPHP 1.5 20181221. admin/productcategory.php?rec=update has XSS via the catname parameter...

CVE-2018-20567

An issue was discovered in DouCo DouPHP 1.5 20181221. \install\index.php allows a reload of the product in opportunistic circumstances in which install.lock cannot be read...

CVE-2018-20560

An issue was discovered in DouCo DouPHP 1.5 20181221. admin/show.php?rec=update has XSS via the showname parameter...

CVE-2018-20558

An issue was discovered in DouCo DouPHP 1.5 20181221. admin/system.php?rec=update has XSS via the sitename parameter...

CVE-2024-57599

Cross Site Scripting vulnerability in DouPHP v.1.8 Release 20231203 allows attackers to execute arbitrary code via a crafted payload injected into the description parameter in /admin/article.php...

CVE-2024-57599

Cross Site Scripting vulnerability in DouPHP v.1.8 Release 20231203 allows attackers to execute arbitrary code via a crafted payload injected into the description parameter in /admin/article.php...

CVE-2024-57599

Cross Site Scripting vulnerability in DouPHP v.1.8 Release 20231203 allows attackers to execute arbitrary code via a crafted payload injected into the description parameter in /admin/article.php...

PT-2025-5840 · Douphp · Douphp

Name of the Vulnerable Software and Affected Versions: DouPHP version 1.8 Release 20231203 Description: The issue allows attackers to execute arbitrary code via a crafted payload injected into the description parameter in "/admin/article.php" API endpoint. This enables attackers to perform...

DouCo DouPHP 安全漏洞

DouCo DouPHP is a lightweight enterprise content management system CMS from China DouCo. A security vulnerability exists in DouCo DouPHP v.1.8, which originates from an arbitrary code execution vulnerability in the description parameter of the /admin/article.php page...

CVE-2024-57599

Cross Site Scripting vulnerability in DouPHP v.1.8 Release 20231203 allows attackers to execute arbitrary code via a crafted payload injected into the description parameter in /admin/article.php...