CVE Tools

douco

Web & CMS Pluginsunknown

12

Cumulative CVEs

1

Monthly snapshots

#30

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting douco.

CVE-2026-2226DouPHP ZIP File file.php unrestricted upload4.7Feb 9, 2026
CVE-2024-57599Cross Site Scripting vulnerability in DouPHP v.1.8 Release 20231203 allows attackers to execute arbitrary code via a crafted payload injected into the description parameter in /admin/article.php4.8Feb 6, 2025
CVE-2024-7917DouPHP Favicon system.php unrestricted upload4.7Aug 18, 2024
CVE-2022-46438A cross-site scripting (XSS) vulnerability in the /admin/article_category.php component of DouPHP v1.7 20221118 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injec...5.4Jan 12, 2023
CVE-2022-24131DouPHP v1.6 Release 20220121 is affected by Cross Site Scripting (XSS) through /admin/login.php in the background, which will lead to JavaScript code execution.6.1Mar 30, 2022
CVE-2022-25574A stored cross-site scripting (XSS) vulnerability in the upload function of /admin/show.php allows attackers to execute arbitrary web scripts or HTML via a crafted image file.4.8Mar 25, 2022
CVE-2021-3370DouPHP v1.6 was discovered to contain a cross-site scripting (XSS) vulnerability via /admin/cloud.php.6.1Dec 8, 2021
CVE-2019-12564In DouCo DouPHP v1.5 Release 20190516, remote attackers can view the database backup file via a brute-force guessing approach for data/backup/DyyyymmddThhmmss.sql filenames.9.8Jun 2, 2019
CVE-2018-20567An issue was discovered in DouCo DouPHP 1.5 20181221. \install\index.php allows a reload of the product in opportunistic circumstances in which install.lock cannot be read.5.3Dec 28, 2018
CVE-2018-20566An issue was discovered in DouCo DouPHP 1.5 20181221. It allows full path disclosure in "Smarty error: unable to read resource" error messages for a crafted installation page.5.3Dec 28, 2018
CVE-2018-20565An issue was discovered in DouCo DouPHP 1.5 20181221. admin/nav.php?rec=update has XSS via the nav_name parameter.4.8Dec 28, 2018
CVE-2018-20564An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product_category.php?rec=update has XSS via the cat_name parameter.4.8Dec 28, 2018
CVE-2018-20563An issue was discovered in DouCo DouPHP 1.5 20181221. admin/mobile.php?rec=system&act=update has XSS via the mobile_name parameter.4.8Dec 28, 2018
CVE-2018-20562An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article_category.php?rec=update has XSS via the cat_name parameter.4.8Dec 28, 2018
CVE-2018-20561An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article.php?rec=update has XSS via the title parameter.4.8Dec 28, 2018