CVE-2024-57599

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Feb 6, 2025

CWE ID 79

Summary

CVE-2024-57599 is a newly disclosed Cross-Site Scripting (XSS) vulnerability affecting DouPHP version 1.8, released on December 3, 2023. This issue permits attackers to inject arbitrary code by crafting malicious payloads and targeting the description parameter in the /admin/article.php file. Successful exploitation could lead to unauthorized access, data theft, or site defacement. Users are strongly advised to update their DouPHP installations as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/2T9t7A
https://www.cve.org/CVERecord?id=CVE-2024-57599
https://nvd.nist.gov/vuln/detail/CVE-2024-57599

Back to Vulnerability Database

CVE-2024-57599

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations