Security Vulnerabilities - CVEs Published In 2018
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/show.php?rec=update has XSS via the show_name parameter.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-12-28
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article.php?rec=update has XSS via the title parameter.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-12-28
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article_category.php?rec=update has XSS via the cat_name parameter.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-12-28
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/mobile.php?rec=system&act=update has XSS via the mobile_name parameter.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-12-28
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product_category.php?rec=update has XSS via the cat_name parameter.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-12-28
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/nav.php?rec=update has XSS via the nav_name parameter.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-12-28
An issue was discovered in DouCo DouPHP 1.5 20181221. It allows full path disclosure in "Smarty error: unable to read resource" error messages for a crafted installation page.
CVSS Score
5.3
EPSS Score
0.004
Published
2018-12-28
An issue was discovered in DouCo DouPHP 1.5 20181221. \install\index.php allows a reload of the product in opportunistic circumstances in which install.lock cannot be read.
CVSS Score
5.3
EPSS Score
0.003
Published
2018-12-28
Administrator/index.php in Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 allows SQL injection for authentication bypass.
CVSS Score
9.8
EPSS Score
0.007
Published
2018-12-28
user/index.php in Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 allows SQL injection for authentication bypass.
CVSS Score
9.8
EPSS Score
0.007
Published
2018-12-28