CVE-2024-57599

CVE-2024-57599 affects DouPHP v1.8 Release 20231203. The vulnerability arises from improper handling of the description parameter in /admin/article.php, allowing an attacker to inject a crafted payload that leads to cross-site scripting and arbitrary code execution. Affected component: descriptio...

CVE-2024-57599

Cross Site Scripting vulnerability in DouPHP v.1.8 Release 20231203 allows attackers to execute arbitrary code via a crafted payload injected into the description parameter in /admin/article.php...

CVE-2024-7917

A vulnerability, which was classified as critical, has been found in DouPHP 1.7 Release 20220822. Affected by this issue is some unknown functionality of the file /admin/system.php of the component Favicon Handler. The manipulation of the argument sitefavicon leads to unrestricted upload. The...

CVE-2024-7917

A vulnerability, which was classified as critical, has been found in DouPHP 1.7 Release 20220822. Affected by this issue is some unknown functionality of the file /admin/system.php of the component Favicon Handler. The manipulation of the argument sitefavicon leads to unrestricted upload. The...

CVE-2024-7917

DouPHP 1.7 Release 20220822 is affected in the Favicon Handler, specifically /admin/system.php where the site_favicon parameter enables unrestricted file upload. The issue is exploitable remotely and documented as a full unrestricted upload vulnerability, implying risk of arbitrary file upload on...

CVE-2024-7917 DouPHP Favicon system.php unrestricted upload

A vulnerability, which was classified as critical, has been found in DouPHP 1.7 Release 20220822. Affected by this issue is some unknown functionality of the file /admin/system.php of the component Favicon Handler. The manipulation of the argument sitefavicon leads to unrestricted upload. The...

CVE-2024-7917 DouPHP Favicon system.php unrestricted upload

A vulnerability, which was classified as critical, has been found in DouPHP 1.7 Release 20220822. Affected by this issue is some unknown functionality of the file /admin/system.php of the component Favicon Handler. The manipulation of the argument sitefavicon leads to unrestricted upload. The...

DouCo DouPHP 代码问题漏洞

DouCo DouPHP is a lightweight enterprise content management system CMS from China DouCo Networks. A code issue vulnerability exists in DouCo DouPHP version 1.7 Release 20220822, which stems from a remote code execution vulnerability that can be exploited by an attacker with administrator privileg...

CVE-2023-30205

A stored cross-site scripting XSS vulnerability in DouPHP v1.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the uniqueid parameter in /admin/article.php...

CVE-2023-30205

A stored cross-site scripting XSS vulnerability in DouPHP v1.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the uniqueid parameter in /admin/article.php...

Cross site scripting

A stored cross-site scripting XSS vulnerability in DouPHP v1.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the uniqueid parameter in /admin/article.php...

CVE-2023-30205

CVE-2023-30205 affects DouPHP v1.7 with a stored XSS in the admin/article.php endpoint, via the unique_id parameter. The vulnerability could permit arbitrary web script execution or HTML injection, enabling attacker-controlled content to run in the victim’s browser. The connected documents consis...

PT-2023-22586 · Douphp · Douphp

Name of the Vulnerable Software and Affected Versions: DouPHP version 1.7 Description: A stored cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the unique id parameter in "/admin/article.php". This enables attackers to...

CVE-2023-30205

A stored cross-site scripting XSS vulnerability in DouPHP v1.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the uniqueid parameter in /admin/article.php...

DouCo DouPHP 跨站脚本漏洞

DouCo DouPHP is a lightweight enterprise content management system CMS from China's DouShell Network Technology Company. A security vulnerability exists in DouPHP v1.7, which stems from the presence of a stored cross-site scripting XSS vulnerability that allows an attacker to execute arbitrary we...

CVE-2022-46438

A cross-site scripting XSS vulnerability in the /admin/articlecategory.php component of DouPHP v1.7 20221118 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the description parameter...

CVE-2022-46438

A cross-site scripting XSS vulnerability in the /admin/articlecategory.php component of DouPHP v1.7 20221118 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the description parameter...

Cross site scripting

A cross-site scripting XSS vulnerability in the /admin/articlecategory.php component of DouPHP v1.7 20221118 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the description parameter...

PT-2023-14933 · Douphp · Douphp

Name of the Vulnerable Software and Affected Versions: DouPHP version 1.7 20221118 Description: A cross-site scripting XSS issue in the /admin/article category.php component allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the description parameter...

CVE-2022-46438

The CVE-2022-46438 vulnerability affects DouPHP v1.7 (build 20221118) in the /admin/article_category.php component. It enables cross-site scripting (XSS) by injecting a crafted payload into the description parameter of the affected function, allowing execution of arbitrary web scripts/HTML in a u...