Known Vulnerabilities for products from Douco

Listed below are 18 of the newest known vulnerabilities associated with the vendor "Douco".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE	Shortened Description	Severity	Publish Date	Last Modified
CVE-2026-2226 json	A vulnerability has been found in DouPHP up to 1.9. This issue affects some unknown processing of the file /admin/file.php of...	Not Provided	2026-02-09	2026-04-29
CVE-2022-46438 json	A cross-site scripting (XSS) vulnerability in the /admin/article_category.php component of DouPHP v1.7 20221118 allows attack...	5.4 - MEDIUM	2023-01-13	2023-01-23
CVE-2022-25574 json	A stored cross-site scripting (XSS) vulnerability in the upload function of /admin/show.php allows attackers to execute arbit...	4.8 - MEDIUM	2022-03-25	2022-10-27
CVE-2022-24131 json	RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new secur...	6.1 - MEDIUM	2022-03-30	2022-04-05
CVE-2021-3370 json	DouPHP v1.6 was discovered to contain a cross-site scripting (XSS) vulnerability via /admin/cloud.php.	6.1 - MEDIUM	2021-12-08	2021-12-09
CVE-2019-12564 json	In DouCo DouPHP v1.5 Release 20190516, remote attackers can view the database backup file via a brute-force guessing approach...	9.8 - CRITICAL	2019-06-03	2020-08-24
CVE-2018-20567 json	An issue was discovered in DouCo DouPHP 1.5 20181221. \install\index.php allows a reload of the product in opportunistic circ...	5.3 - MEDIUM	2018-12-28	2019-10-03
CVE-2018-20566 json	An issue was discovered in DouCo DouPHP 1.5 20181221. It allows full path disclosure in "Smarty error: unable to read resourc...	5.3 - MEDIUM	2018-12-28	2019-01-04
CVE-2018-20565 json	An issue was discovered in DouCo DouPHP 1.5 20181221. admin/nav.php?rec=update has XSS via the nav_name parameter.	4.8 - MEDIUM	2018-12-28	2019-01-04
CVE-2018-20564 json	An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product_category.php?rec=update has XSS via the cat_name paramete...	4.8 - MEDIUM	2018-12-28	2019-01-04
CVE-2018-20563 json	An issue was discovered in DouCo DouPHP 1.5 20181221. admin/mobile.php?rec=system&act=update has XSS via the mobile_name para...	4.8 - MEDIUM	2018-12-28	2019-01-04
CVE-2018-20562 json	An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article_category.php?rec=update has XSS via the cat_name paramete...	4.8 - MEDIUM	2018-12-28	2019-01-04
CVE-2018-20561 json	An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article.php?rec=update has XSS via the title parameter.	4.8 - MEDIUM	2018-12-28	2019-01-04
CVE-2018-20560 json	An issue was discovered in DouCo DouPHP 1.5 20181221. admin/show.php?rec=update has XSS via the show_name parameter.	4.8 - MEDIUM	2018-12-28	2019-01-04
CVE-2018-20559 json	An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product.php?rec=update has XSS via the name parameter.	4.8 - MEDIUM	2018-12-28	2019-01-04
CVE-2018-20558 json	An issue was discovered in DouCo DouPHP 1.5 20181221. admin/system.php?rec=update has XSS via the site_name parameter.	4.8 - MEDIUM	2018-12-28	2019-01-04
CVE-2018-20557 json	An issue was discovered in DouCo DouPHP 1.5 20181221. admin/page.php?rec=edit has XSS via the page_name parameter.	4.8 - MEDIUM	2018-12-28	2019-01-04
CVE-2018-20419 json	DouCo DouPHP 1.5 has upload/admin/manager.php?rec=insert CSRF to add an administrator account.	8.8 - HIGH	2018-12-24	2019-01-11

Known software with vulnerabilities from Douco

Type	Vendor	Product	Version
Application	Douco	Douphp	1.5