VYPR
Vendor

DouPHP

Products
1
CVEs
7
Across products
7
Status
Private

Products

1

Recent CVEs

7
  • CVE-2022-24131MedMar 30, 2022
    risk 0.40cvss 6.1epss 0.01

    DouPHP v1.6 Release 20220121 is affected by Cross Site Scripting (XSS) through /admin/login.php in the background, which will lead to JavaScript code execution.

  • CVE-2021-3370MedDec 8, 2021
    risk 0.40cvss 6.1epss 0.01

    DouPHP v1.6 was discovered to contain a cross-site scripting (XSS) vulnerability via /admin/cloud.php.

  • CVE-2022-46438MedJan 13, 2023
    risk 0.35cvss 5.4epss 0.00

    A cross-site scripting (XSS) vulnerability in the /admin/article_category.php component of DouPHP v1.7 20221118 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the description parameter.

  • CVE-2025-13198MedNov 15, 2025
    risk 0.31cvss 4.7epss 0.00

    A vulnerability has been found in DouPHP up to 1.8 Release 20251022. This impacts an unknown function of the file upload/include/file.class.php. The manipulation of the argument File leads to unrestricted upload. Remote exploitation of the attack is possible. The exploit has…

  • CVE-2024-57599MedFeb 6, 2025
    risk 0.31cvss 4.8epss 0.00

    Cross Site Scripting vulnerability in DouPHP v.1.8 Release 20231203 allows attackers to execute arbitrary code via a crafted payload injected into the description parameter in /admin/article.php

  • CVE-2024-7917MedAug 18, 2024
    risk 0.31cvss 4.7epss 0.01

    A vulnerability, which was classified as critical, has been found in DouPHP 1.7 Release 20220822. Affected by this issue is some unknown functionality of the file /admin/system.php of the component Favicon Handler. The manipulation of the argument site_favicon leads to…

  • CVE-2023-30205MedMay 3, 2023
    risk 0.31cvss 4.8epss 0.00

    A stored cross-site scripting (XSS) vulnerability in DouPHP v1.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the unique_id parameter in /admin/article.php.