In DouCo DouPHP v1.5 Release 20190516, remote attackers can view the database backup file via a brute-force guessing approach for data/backup/DyyyymmddThhmmss.sql filenames.
CVSS Score
9.8
EPSS Score
0.004
Published
2019-06-03
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/page.php?rec=edit has XSS via the page_name parameter.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-12-28
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/system.php?rec=update has XSS via the site_name parameter.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-12-28
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product.php?rec=update has XSS via the name parameter.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-12-28
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/show.php?rec=update has XSS via the show_name parameter.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-12-28
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article.php?rec=update has XSS via the title parameter.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-12-28
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article_category.php?rec=update has XSS via the cat_name parameter.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-12-28
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/mobile.php?rec=system&act=update has XSS via the mobile_name parameter.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-12-28
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product_category.php?rec=update has XSS via the cat_name parameter.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-12-28
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/nav.php?rec=update has XSS via the nav_name parameter.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-12-28
Page 1