Skip to main content

Douchat

2 CVEs product

Monthly

CVE-2024-35324 CRITICAL POC Act Now

Douchat 4.0.5 suffers from an arbitrary file upload vulnerability via Public/Plugins/webuploader/server/preview.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP File Upload Douchat
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2018-18737 HIGH POC This Week

An XXE issue was discovered in Douchat 4.0.4 because Data\notify.php calls simplexml_load_string. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE SSRF PHP Douchat
NVD GitHub
CVSS 3.0
7.5
EPSS
1.2%
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Douchat 4.0.5 suffers from an arbitrary file upload vulnerability via Public/Plugins/webuploader/server/preview.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP File Upload +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

An XXE issue was discovered in Douchat 4.0.4 because Data\notify.php calls simplexml_load_string. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE SSRF PHP +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy