RSS   Podatności dla 'Douphp'   RSS

2022-03-30
 
CVE-2022-24131

CWE-79
 
 
DouPHP v1.6 Release 20220121 is affected by Cross Site Scripting (XSS) through /admin/login.php in the background, which will lead to JavaScript code execution.

 
2021-12-08
 
CVE-2021-3370

CWE-79
 
 
DouPHP v1.6 was discovered to contain a cross-site scripting (XSS) vulnerability via /admin/cloud.php.

 
2019-06-02
 
CVE-2019-12564

CWE-284
 
 
In DouCo DouPHP v1.5 Release 20190516, remote attackers can view the database backup file via a brute-force guessing approach for data/backup/DyyyymmddThhmmss.sql filenames.

 
2018-12-28
 
CVE-2018-20567

CWE-732
 
 
An issue was discovered in DouCo DouPHP 1.5 20181221. \install\index.php allows a reload of the product in opportunistic circumstances in which install.lock cannot be read.

 
 
CVE-2018-20566

CWE-22
 
 
An issue was discovered in DouCo DouPHP 1.5 20181221. It allows full path disclosure in "Smarty error: unable to read resource" error messages for a crafted installation page.

 
 
CVE-2018-20565

CWE-79
 
 
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/nav.php?rec=update has XSS via the nav_name parameter.

 
 
CVE-2018-20564

CWE-79
 
 
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product_category.php?rec=update has XSS via the cat_name parameter.

 
 
CVE-2018-20563

CWE-79
 
 
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/mobile.php?rec=system&act=update has XSS via the mobile_name parameter.

 
 
CVE-2018-20562

CWE-79
 
 
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article_category.php?rec=update has XSS via the cat_name parameter.

 
 
CVE-2018-20561

CWE-79
 
 
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article.php?rec=update has XSS via the title parameter.

 

Copyright 2024, cxsecurity.com

 

Back to Top