Duxcms Project ≫ Duxcms

DuxCMS3 v3.1.3 was discovered to contain a SQL injection vulnerability via the keyword parameter at /article/Content/index?class_id.

Cross Site Scripting (XSS) vulnerability in DuxCMS 2.1 allows remote attackers to run arbitrary code via the content, time, copyfrom parameters when adding or editing a post.

Cross Site Request Forgery (CSRF) vulnerability in admin.php in DuxCMS 2.1 allows remote attackers to modtify application data via article/admin/content/add.

File upload vulnerability in DuxCMS 2.1 allows attackers to execute arbitrary php code via duxcms/AdminUpload/upload.

Directory traversal vulnerability in DuxCMS 2.1 allows attackers to delete arbitrary files via /admin/AdminBackup/del.

A vulnerability was found in annyshow DuxCMS 2.1. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed...

A vulnerability was found in annyshow DuxCMS 2.1. It has been classified as problematic. This affects an unknown part of the file admin.php&r=article/AdminContent/edit of the component Article Handler. The manipulation of the argument content leads t...

DuxCMS v3.1.3 was discovered to contain a SQL injection vulnerability via the component s/tools/SendTpl/index?keyword=.