Vendor: Douran Portal
By: ItSecTeam
CVSS: 8.8 (HIGH)
Vulnerability Types: XSS, Remote File Upload, Information Leakage, XSS
CWE: 79, 264, 200, 79
Product Name: Douran Portal
Affected Version From: V3.9.7.55
Affected Version To: Prior
Patch Exists: YES
Related CWE: N/A
CPE: douran:douran_portal
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

Douran Portal <= V3.9.7.55 Multiple Remote Vulnerabilities

Douran Portal is vulnerable to multiple remote vulnerabilities: XSS, Remote File Upload, Information Leakage, and a second XSS. The first XSS issue (listed as "XSS None Present") can be exploited by sending the server a request that carries a malicious script in the query string. The Remote File Upload vulnerability can be exploited by bypassing the authorization check and uploading malicious files. The Information Leakage vulnerability can be exploited by accessing the DeviceInfo.aspx page. The second XSS issue (listed as "XSS Present") can likewise be exploited by sending the server a request that carries a malicious script in the query string.

Mitigation:

Input validation should be performed on all user-supplied data to prevent malicious scripts from being executed. Authorization checks should be performed to prevent unauthorized file uploads. Access to the DeviceInfo.aspx page should be restricted.

Exploit-DB raw data: