Douran Portal versions 3.9.7.55 and below suffer from information disclosure, cross site scripting and shell upload vulnerabilities. The vendor has notified Packet Storm that everything has been fixed as of version 3.9.8.0 in June, 2011.
90d3218d6c7e198e85c53ccc414184159561f5cc9458e34945e363e5cb51b9b7