MidnightBSD

Advisories for douchat

CVE-2018-18737 MEDIUM

An XXE issue was discovered in Douchat 4.0.4 because Data\notify.php calls simplexml_load_string. This can also be used for SSRF.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
douchat douchat 4.0.4
CVE-2024-35324

Douchat 4.0.5 suffers from an arbitrary file upload vulnerability via Public/Plugins/webuploader/server/preview.php.

Products Affected

Vendor Product Version
douchat douchat 4.0.5