Douphp
by Douco
CVEs (21)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-2226 | | Med | 0.31 | 4.7 | 0.00 | | Feb 9, 2026 | A vulnerability has been found in DouPHP up to 1.9. This issue affects some unknown processing of the file /admin/file.php of the component ZIP File Handler. Such manipulation of the argument sql_filename leads to unrestricted upload. The attack can be launched remotely. The… |
| CVE-2025-13198 | | Med | 0.31 | 4.7 | 0.00 | | Nov 15, 2025 | A vulnerability has been found in DouPHP up to 1.8 Release 20251022. This impacts an unknown function of the file upload/include/file.class.php. The manipulation of the argument File leads to unrestricted upload. Remote exploitation of the attack is possible. The exploit has… |
| CVE-2024-57599 | | | 0.00 | — | 0.00 | | Feb 6, 2025 | Cross Site Scripting vulnerability in DouPHP v.1.8 Release 20231203 allows attackers to execute arbitrary code via a crafted payload injected into the description parameter in /admin/article.php |
| CVE-2024-7917 | | | 0.00 | — | 0.01 | | Aug 18, 2024 | A vulnerability, which was classified as critical, has been found in DouPHP 1.7 Release 20220822. Affected by this issue is some unknown functionality of the file /admin/system.php of the component Favicon Handler. The manipulation of the argument site_favicon leads to… |
| CVE-2023-30205 | | | 0.00 | — | 0.00 | | May 3, 2023 | A stored cross-site scripting (XSS) vulnerability in DouPHP v1.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the unique_id parameter in /admin/article.php. |
| CVE-2022-46438 | | | 0.00 | — | 0.00 | | Jan 12, 2023 | A cross-site scripting (XSS) vulnerability in the /admin/article_category.php component of DouPHP v1.7 20221118 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the description parameter. |
| CVE-2022-24131 | | | 0.00 | — | 0.01 | | Mar 30, 2022 | DouPHP v1.6 Release 20220121 is affected by Cross Site Scripting (XSS) through /admin/login.php in the background, which will lead to JavaScript code execution. |
| CVE-2021-3370 | | | 0.00 | — | 0.01 | | Dec 8, 2021 | DouPHP v1.6 was discovered to contain a cross-site scripting (XSS) vulnerability via /admin/cloud.php. |
| CVE-2019-12564 | | | 0.00 | — | 0.02 | | Jun 2, 2019 | In DouCo DouPHP v1.5 Release 20190516, remote attackers can view the database backup file via a brute-force guessing approach for data/backup/DyyyymmddThhmmss.sql filenames. |
| CVE-2018-20561 | | | 0.00 | — | 0.01 | | Dec 28, 2018 | An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article.php?rec=update has XSS via the title parameter. |
| CVE-2018-20565 | | | 0.00 | — | 0.01 | | Dec 28, 2018 | An issue was discovered in DouCo DouPHP 1.5 20181221. admin/nav.php?rec=update has XSS via the nav_name parameter. |
| CVE-2018-20564 | | | 0.00 | — | 0.01 | | Dec 28, 2018 | An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product_category.php?rec=update has XSS via the cat_name parameter. |
| CVE-2018-20560 | | | 0.00 | — | 0.01 | | Dec 28, 2018 | An issue was discovered in DouCo DouPHP 1.5 20181221. admin/show.php?rec=update has XSS via the show_name parameter. |
| CVE-2018-20566 | | | 0.00 | — | 0.01 | | Dec 28, 2018 | An issue was discovered in DouCo DouPHP 1.5 20181221. It allows full path disclosure in "Smarty error: unable to read resource" error messages for a crafted installation page. |
| CVE-2018-20563 | | | 0.00 | — | 0.01 | | Dec 28, 2018 | An issue was discovered in DouCo DouPHP 1.5 20181221. admin/mobile.php?rec=system&act=update has XSS via the mobile_name parameter. |
| CVE-2018-20562 | | | 0.00 | — | 0.01 | | Dec 28, 2018 | An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article_category.php?rec=update has XSS via the cat_name parameter. |
| CVE-2018-20559 | | | 0.00 | — | 0.01 | | Dec 28, 2018 | An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product.php?rec=update has XSS via the name parameter. |
| CVE-2018-20567 | | | 0.00 | — | 0.01 | | Dec 28, 2018 | An issue was discovered in DouCo DouPHP 1.5 20181221. \install\index.php allows a reload of the product in opportunistic circumstances in which install.lock cannot be read. |
| CVE-2018-20557 | | | 0.00 | — | 0.01 | | Dec 28, 2018 | An issue was discovered in DouCo DouPHP 1.5 20181221. admin/page.php?rec=edit has XSS via the page_name parameter. |
| CVE-2018-20558 | | | 0.00 | — | 0.01 | | Dec 28, 2018 | An issue was discovered in DouCo DouPHP 1.5 20181221. admin/system.php?rec=update has XSS via the site_name parameter. |