Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Douco Subscribe
Filtered by product Douphp
Total 17 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-46438 1 Douco 1 Douphp 2023-01-23 N/A 5.4 MEDIUM
A cross-site scripting (XSS) vulnerability in the /admin/article_category.php component of DouPHP v1.7 20221118 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the description parameter.
CVE-2022-25574 1 Douco 1 Douphp 2022-10-27 3.5 LOW 4.8 MEDIUM
A stored cross-site scripting (XSS) vulnerability in the upload function of /admin/show.php allows attackers to execute arbitrary web scripts or HTML via a crafted image file.
CVE-2022-24131 1 Douco 1 Douphp 2022-04-05 4.3 MEDIUM 6.1 MEDIUM
DouPHP v1.6 Release 20220121 is affected by Cross Site Scripting (XSS) through /admin/login.php in the background, which will lead to JavaScript code execution.
CVE-2021-3370 1 Douco 1 Douphp 2021-12-08 4.3 MEDIUM 6.1 MEDIUM
DouPHP v1.6 was discovered to contain a cross-site scripting (XSS) vulnerability via /admin/cloud.php.
CVE-2019-12564 1 Douco 1 Douphp 2020-08-24 5.0 MEDIUM 9.8 CRITICAL
In DouCo DouPHP v1.5 Release 20190516, remote attackers can view the database backup file via a brute-force guessing approach for data/backup/DyyyymmddThhmmss.sql filenames.
CVE-2018-20567 1 Douco 1 Douphp 2019-10-02 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in DouCo DouPHP 1.5 20181221. \install\index.php allows a reload of the product in opportunistic circumstances in which install.lock cannot be read.
CVE-2018-20419 1 Douco 1 Douphp 2019-01-11 6.8 MEDIUM 8.8 HIGH
DouCo DouPHP 1.5 has upload/admin/manager.php?rec=insert CSRF to add an administrator account.
CVE-2018-20564 1 Douco 1 Douphp 2019-01-04 3.5 LOW 4.8 MEDIUM
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product_category.php?rec=update has XSS via the cat_name parameter.
CVE-2018-20565 1 Douco 1 Douphp 2019-01-04 3.5 LOW 4.8 MEDIUM
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/nav.php?rec=update has XSS via the nav_name parameter.
CVE-2018-20566 1 Douco 1 Douphp 2019-01-04 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in DouCo DouPHP 1.5 20181221. It allows full path disclosure in "Smarty error: unable to read resource" error messages for a crafted installation page.
CVE-2018-20558 1 Douco 1 Douphp 2019-01-04 3.5 LOW 4.8 MEDIUM
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/system.php?rec=update has XSS via the site_name parameter.
CVE-2018-20557 1 Douco 1 Douphp 2019-01-04 3.5 LOW 4.8 MEDIUM
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/page.php?rec=edit has XSS via the page_name parameter.
CVE-2018-20560 1 Douco 1 Douphp 2019-01-04 3.5 LOW 4.8 MEDIUM
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/show.php?rec=update has XSS via the show_name parameter.
CVE-2018-20559 1 Douco 1 Douphp 2019-01-04 3.5 LOW 4.8 MEDIUM
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product.php?rec=update has XSS via the name parameter.
CVE-2018-20561 1 Douco 1 Douphp 2019-01-04 3.5 LOW 4.8 MEDIUM
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article.php?rec=update has XSS via the title parameter.
CVE-2018-20562 1 Douco 1 Douphp 2019-01-04 3.5 LOW 4.8 MEDIUM
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article_category.php?rec=update has XSS via the cat_name parameter.
CVE-2018-20563 1 Douco 1 Douphp 2019-01-04 3.5 LOW 4.8 MEDIUM
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/mobile.php?rec=system&act=update has XSS via the mobile_name parameter.