Douco Douphp

20 CVEs affecting Douco Douphp. Latest disclosed: 2026-02-09. Critical: 1, High: 1.

Top CVEs affecting Douco Douphp
CVESeverityScorePublishedSummary
CVE-2019-12564Critical9.82019-06-03In DouCo DouPHP v1.5 Release 20190516, remote attackers can view the database backup file via a brute-force guessing approach for data/backup/DyyyymmddThhmmss…
CVE-2018-20419High8.82018-12-24DouCo DouPHP 1.5 has upload/admin/manager.php?rec=insert CSRF to add an administrator account.
CVE-2022-24131Medium6.12022-03-30DouPHP v1.6 Release 20220121 is affected by Cross Site Scripting (XSS) through /admin/login.php in the background, which will lead to JavaScript code execution.
CVE-2021-3370Medium6.12021-12-08DouPHP v1.6 was discovered to contain a cross-site scripting (XSS) vulnerability via /admin/cloud.php.
CVE-2022-46438Medium5.42023-01-13A cross-site scripting (XSS) vulnerability in the /admin/article_category.php component of DouPHP v1.7 20221118 allows attackers to execute arbitrary web scrip…
CVE-2018-20567Medium5.32018-12-28An issue was discovered in DouCo DouPHP 1.5 20181221. \install\index.php allows a reload of the product in opportunistic circumstances in which install.lock ca…
CVE-2018-20566Medium5.32018-12-28An issue was discovered in DouCo DouPHP 1.5 20181221. It allows full path disclosure in "Smarty error: unable to read resource" error messages for a crafted in…
CVE-2024-57599Medium4.82025-02-06Cross Site Scripting vulnerability in DouPHP v.1.8 Release 20231203 allows attackers to execute arbitrary code via a crafted payload injected into the descript…
CVE-2022-25574Medium4.82022-03-25A stored cross-site scripting (XSS) vulnerability in the upload function of /admin/show.php allows attackers to execute arbitrary web scripts or HTML via a cra…
CVE-2018-20565Medium4.82018-12-28An issue was discovered in DouCo DouPHP 1.5 20181221. admin/nav.php?rec=update has XSS via the nav_name parameter.
CVE-2018-20564Medium4.82018-12-28An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product_category.php?rec=update has XSS via the cat_name parameter.
CVE-2018-20563Medium4.82018-12-28An issue was discovered in DouCo DouPHP 1.5 20181221. admin/mobile.php?rec=system&act=update has XSS via the mobile_name parameter.
CVE-2018-20562Medium4.82018-12-28An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article_category.php?rec=update has XSS via the cat_name parameter.
CVE-2018-20561Medium4.82018-12-28An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article.php?rec=update has XSS via the title parameter.
CVE-2018-20560Medium4.82018-12-28An issue was discovered in DouCo DouPHP 1.5 20181221. admin/show.php?rec=update has XSS via the show_name parameter.
CVE-2018-20559Medium4.82018-12-28An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product.php?rec=update has XSS via the name parameter.
CVE-2018-20558Medium4.82018-12-28An issue was discovered in DouCo DouPHP 1.5 20181221. admin/system.php?rec=update has XSS via the site_name parameter.
CVE-2018-20557Medium4.82018-12-28An issue was discovered in DouCo DouPHP 1.5 20181221. admin/page.php?rec=edit has XSS via the page_name parameter.
CVE-2026-2226Medium4.72026-02-09A vulnerability has been found in DouPHP up to 1.9. This issue affects some unknown processing of the file /admin/file.php of the component ZIP File Handler. S…
CVE-2024-7917Medium4.72024-08-18A vulnerability, which was classified as critical, has been found in DouPHP 1.7 Release 20220822. Affected by this issue is some unknown functionality of the f…