CVE-2024-7917— DouPHP Favicon system.php unrestricted upload

CVSS 4.7 · Medium EPSS 0.10% · P26 Updated Jan 25, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-7917

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

DouPHP Favicon system.php unrestricted upload

Source: NVD (National Vulnerability Database)

Vulnerability Description

A vulnerability, which was classified as critical, has been found in DouPHP 1.7 Release 20220822. Affected by this issue is some unknown functionality of the file /admin/system.php of the component Favicon Handler. The manipulation of the argument site_favicon leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Source: NVD (National Vulnerability Database)

Vulnerability Type

危险类型文件的不加限制上传

Source: NVD (National Vulnerability Database)

Vulnerability Title

DouCo DouPHP 代码问题漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

豆壳网络 DouCo DouPHP是中国豆壳网络公司的一套轻量级企业内容管理系统（CMS）。 DouCo DouPHP 1.7 Release 20220822版本存在代码问题漏洞，该漏洞源于存在远程代码执行漏洞，拥有管理员权限的攻击者可以通过该漏洞在服务器上执行任意命令。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	DouPHP	1.7 Release 20220822	-

II. Public POCs for CVE-2024-7917

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2024-7917

请登录查看更多情报信息。

【原创】（CVE-2024-7917）DouPHP 1.7 Release 20220822 远程代码执行漏洞 | 安全团队贡献平台exploit
CVE-2024-7917 DouPHP Favicon system.php unrestricted uploadvdb-entrytechnical-description
Submit #389296: 漳州豆壳网络科技有限公司 DouPHP 1.7 Release 20220822 Unrestricted Uploadthird-party-advisory
https://nvd.nist.gov/vuln/detail/CVE-2024-7917

Same Patch Batch · n/a · 2024-08-18 · 5 CVEs total

CVE-2024-7906	6.3 MEDIUM	DedeBIZ Attachment Settings select_images_post.php get_mime_type unrestricted upload
CVE-2024-7905	6.3 MEDIUM	DedeBIZ archives_do.php AdminUpload unrestricted upload
CVE-2024-7904	6.3 MEDIUM	DedeBIZ File Extension file_manage_control.php unrestricted upload
CVE-2024-7903	6.3 MEDIUM	DedeBIZ File Extension media_add.php unrestricted upload

IV. Related Vulnerabilities

Same product: DouPHP

Same vendor: n/a

Same weakness: CWE-434

V. Comments for CVE-2024-7917

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-7917— DouPHP Favicon system.php unrestricted upload

I. Basic Information for CVE-2024-7917

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2024-7917

III. Intelligence Information for CVE-2024-7917

Same Patch Batch · n/a · 2024-08-18 · 5 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2024-7917

Leave a comment