Douco

douco

20 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Douphp

douphp

20 CVEs

CVEs (20)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-2226 1Douco 1Douphp Apr 29, 2026 Feb 9, 2026 2.0 LOW· v4 7.2 HIGH· v3 5.8 MEDIUM· v2 A vulnerability has been found in DouPHP up to 1.9. This issue affects some unknown processing of the file /admin/file.php of the component ZIP File Handler. Such manipulation of the argument sql_filename leads to unrest...Show more A vulnerability has been found in DouPHP up to 1.9. This issue affects some unknown processing of the file /admin/file.php of the component ZIP File Handler. Such manipulation of the argument sql_filename leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2024-57599 1Douco 1Douphp Jul 3, 2025 Feb 6, 2025 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Cross Site Scripting vulnerability in DouPHP v.1.8 Release 20231203 allows attackers to execute arbitrary code via a crafted payload injected into the description parameter in /admin/article.php
CVE-2024-7917 1Douco 1Douphp Aug 21, 2024 Aug 18, 2024 5.1 MEDIUM· v4 7.2 HIGH· v3 5.8 MEDIUM· v2 A vulnerability, which was classified as critical, has been found in DouPHP 1.7 Release 20220822. Affected by this issue is some unknown functionality of the file /admin/system.php of the component Favicon Handler. The m...Show more A vulnerability, which was classified as critical, has been found in DouPHP 1.7 Release 20220822. Affected by this issue is some unknown functionality of the file /admin/system.php of the component Favicon Handler. The manipulation of the argument site_favicon leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2022-46438 1Douco 1Douphp Apr 8, 2025 Jan 13, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 A cross-site scripting (XSS) vulnerability in the /admin/article_category.php component of DouPHP v1.7 20221118 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the descriptio...Show more A cross-site scripting (XSS) vulnerability in the /admin/article_category.php component of DouPHP v1.7 20221118 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the description parameter.Show less
CVE-2022-24131 1Douco 1Douphp Nov 21, 2024 Mar 30, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 DouPHP v1.6 Release 20220121 is affected by Cross Site Scripting (XSS) through /admin/login.php in the background, which will lead to JavaScript code execution.
CVE-2022-25574 1Douco 1Douphp Nov 21, 2024 Mar 25, 2022 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 A stored cross-site scripting (XSS) vulnerability in the upload function of /admin/show.php allows attackers to execute arbitrary web scripts or HTML via a crafted image file.
CVE-2021-3370 1Douco 1Douphp Nov 21, 2024 Dec 8, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 DouPHP v1.6 was discovered to contain a cross-site scripting (XSS) vulnerability via /admin/cloud.php.
CVE-2019-12564 1Douco 1Douphp Nov 21, 2024 Jun 3, 2019 N/A· v4 9.8 CRITICAL· v3 5.0 MEDIUM· v2 In DouCo DouPHP v1.5 Release 20190516, remote attackers can view the database backup file via a brute-force guessing approach for data/backup/DyyyymmddThhmmss.sql filenames.
CVE-2018-20567 1Douco 1Douphp Nov 21, 2024 Dec 28, 2018 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 An issue was discovered in DouCo DouPHP 1.5 20181221. \install\index.php allows a reload of the product in opportunistic circumstances in which install.lock cannot be read.
CVE-2018-20566 1Douco 1Douphp Nov 21, 2024 Dec 28, 2018 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 An issue was discovered in DouCo DouPHP 1.5 20181221. It allows full path disclosure in "Smarty error: unable to read resource" error messages for a crafted installation page.
CVE-2018-20565 1Douco 1Douphp Nov 21, 2024 Dec 28, 2018 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 An issue was discovered in DouCo DouPHP 1.5 20181221. admin/nav.php?rec=update has XSS via the nav_name parameter.
CVE-2018-20564 1Douco 1Douphp Nov 21, 2024 Dec 28, 2018 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product_category.php?rec=update has XSS via the cat_name parameter.
CVE-2018-20563 1Douco 1Douphp Nov 21, 2024 Dec 28, 2018 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 An issue was discovered in DouCo DouPHP 1.5 20181221. admin/mobile.php?rec=system&act=update has XSS via the mobile_name parameter.
CVE-2018-20562 1Douco 1Douphp Nov 21, 2024 Dec 28, 2018 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article_category.php?rec=update has XSS via the cat_name parameter.
CVE-2018-20561 1Douco 1Douphp Nov 21, 2024 Dec 28, 2018 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article.php?rec=update has XSS via the title parameter.
CVE-2018-20560 1Douco 1Douphp Nov 21, 2024 Dec 28, 2018 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 An issue was discovered in DouCo DouPHP 1.5 20181221. admin/show.php?rec=update has XSS via the show_name parameter.
CVE-2018-20559 1Douco 1Douphp Nov 21, 2024 Dec 28, 2018 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product.php?rec=update has XSS via the name parameter.
CVE-2018-20558 1Douco 1Douphp Nov 21, 2024 Dec 28, 2018 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 An issue was discovered in DouCo DouPHP 1.5 20181221. admin/system.php?rec=update has XSS via the site_name parameter.
CVE-2018-20557 1Douco 1Douphp Nov 21, 2024 Dec 28, 2018 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 An issue was discovered in DouCo DouPHP 1.5 20181221. admin/page.php?rec=edit has XSS via the page_name parameter.
CVE-2018-20419 1Douco 1Douphp Nov 21, 2024 Dec 24, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 DouCo DouPHP 1.5 has upload/admin/manager.php?rec=insert CSRF to add an administrator account.