VYPR

Douphp

by Douco

CVEs (21)

  • CVE-2026-2226 | Med | Feb 9, 2026
    risk 0.31 | cvss 4.7 | epss 0.00

    A vulnerability has been found in DouPHP up to 1.9. This issue affects some unknown processing of the file /admin/file.php of the component ZIP File Handler. Such manipulation of the argument sql_filename leads to unrestricted upload. The attack can be launched remotely. The…

  • CVE-2025-13198 | Med | Nov 15, 2025
    risk 0.31 | cvss 4.7 | epss 0.00

    A vulnerability has been found in DouPHP up to 1.8 Release 20251022. This impacts an unknown function of the file upload/include/file.class.php. The manipulation of the argument File leads to unrestricted upload. Remote exploitation of the attack is possible. The exploit has…

  • CVE-2024-57599 | Feb 6, 2025
    risk 0.00 | cvss | epss 0.00

    Cross Site Scripting vulnerability in DouPHP v.1.8 Release 20231203 allows attackers to execute arbitrary code via a crafted payload injected into the description parameter in /admin/article.php

  • CVE-2024-7917 | Aug 18, 2024
    risk 0.00 | cvss | epss 0.01

    A vulnerability, which was classified as critical, has been found in DouPHP 1.7 Release 20220822. Affected by this issue is some unknown functionality of the file /admin/system.php of the component Favicon Handler. The manipulation of the argument site_favicon leads to…

  • CVE-2023-30205 | May 3, 2023
    risk 0.00 | cvss | epss 0.00

    A stored cross-site scripting (XSS) vulnerability in DouPHP v1.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the unique_id parameter in /admin/article.php.

  • CVE-2022-46438 | Jan 12, 2023
    risk 0.00 | cvss | epss 0.00

    A cross-site scripting (XSS) vulnerability in the /admin/article_category.php component of DouPHP v1.7 20221118 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the description parameter.

  • CVE-2022-24131 | Mar 30, 2022
    risk 0.00 | cvss | epss 0.01

    DouPHP v1.6 Release 20220121 is affected by Cross Site Scripting (XSS) through /admin/login.php in the background, which will lead to JavaScript code execution.

  • CVE-2021-3370 | Dec 8, 2021
    risk 0.00 | cvss | epss 0.01

    DouPHP v1.6 was discovered to contain a cross-site scripting (XSS) vulnerability via /admin/cloud.php.

  • CVE-2019-12564 | Jun 2, 2019
    risk 0.00 | cvss | epss 0.02

    In DouCo DouPHP v1.5 Release 20190516, remote attackers can view the database backup file via a brute-force guessing approach for data/backup/DyyyymmddThhmmss.sql filenames.

  • CVE-2018-20561 | Dec 28, 2018
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article.php?rec=update has XSS via the title parameter.

  • CVE-2018-20565 | Dec 28, 2018
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in DouCo DouPHP 1.5 20181221. admin/nav.php?rec=update has XSS via the nav_name parameter.

  • CVE-2018-20564 | Dec 28, 2018
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product_category.php?rec=update has XSS via the cat_name parameter.

  • CVE-2018-20560 | Dec 28, 2018
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in DouCo DouPHP 1.5 20181221. admin/show.php?rec=update has XSS via the show_name parameter.

  • CVE-2018-20566 | Dec 28, 2018
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in DouCo DouPHP 1.5 20181221. It allows full path disclosure in "Smarty error: unable to read resource" error messages for a crafted installation page.

  • CVE-2018-20563 | Dec 28, 2018
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in DouCo DouPHP 1.5 20181221. admin/mobile.php?rec=system&act=update has XSS via the mobile_name parameter.

  • CVE-2018-20562 | Dec 28, 2018
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article_category.php?rec=update has XSS via the cat_name parameter.

  • CVE-2018-20559 | Dec 28, 2018
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product.php?rec=update has XSS via the name parameter.

  • CVE-2018-20567 | Dec 28, 2018
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in DouCo DouPHP 1.5 20181221. \install\index.php allows a reload of the product in opportunistic circumstances in which install.lock cannot be read.

  • CVE-2018-20557 | Dec 28, 2018
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in DouCo DouPHP 1.5 20181221. admin/page.php?rec=edit has XSS via the page_name parameter.

  • CVE-2018-20558 | Dec 28, 2018
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in DouCo DouPHP 1.5 20181221. admin/system.php?rec=update has XSS via the site_name parameter.

Page 1 of 2