PT-2025-5840 · Douphp · Douphp

Published: 2025-02-06 · Updated: 2025-07-03 · CVE-2024-57599

CVSS v3.1: 4.8 (Medium)

Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: DouPHP version 1.8 Release 20231203
Description: The issue allows attackers to execute arbitrary code via a crafted payload injected into the description parameter of the "/admin/article.php" API endpoint. This enables attackers to perform unauthorized actions on the affected system.
Recommendations: For DouPHP version 1.8 Release 20231203, consider disabling the /admin/article.php endpoint until a patch is available, or restrict access to this endpoint to minimize the risk of exploitation. Avoid using the description parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Weakness Enumeration

Related Identifiers: CVE-2024-57599

Affected Products: Douphp