彙總 douco 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
歷史漏洞主要涉及 CSRF與路徑處理缺陷 等問題,部分漏洞可能導致 檔案覆寫,並影響 生產負載與軟體部署 相關場景。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2026-2226 | A vulnerability has been found in DouPHP up to 1.9. This issue affects some unknown processing of the file /admin/file.php of the component ZIP File Handler. Such manipulation of the argument sql_filename leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 2.0 | 0.36% | 2026-02-09 | 2026-06-17 |
| CVE-2024-57599 | Cross Site Scripting vulnerability in DouPHP v.1.8 Release 20231203 allows attackers to execute arbitrary code via a crafted payload injected into the description parameter in /admin/article.php | [email protected] | 4.8 | 0.30% | 2025-02-06 | 2026-06-17 |
| CVE-2024-7917 | A vulnerability, which was classified as critical, has been found in DouPHP 1.7 Release 20220822. Affected by this issue is some unknown functionality of the file /admin/system.php of the component Favicon Handler. The manipulation of the argument site_favicon leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 5.1 | 0.59% | 2024-08-18 | 2026-06-17 |
| CVE-2022-46438 | A cross-site scripting (XSS) vulnerability in the /admin/article_category.php component of DouPHP v1.7 20221118 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the description parameter. | [email protected] | 5.4 | 0.40% | 2023-01-12 | 2026-06-17 |
| CVE-2022-24131 | DouPHP v1.6 Release 20220121 is affected by Cross Site Scripting (XSS) through /admin/login.php in the background, which will lead to JavaScript code execution. | [email protected] | 6.1 | 0.82% | 2022-03-30 | 2026-06-17 |
| CVE-2022-25574 | A stored cross-site scripting (XSS) vulnerability in the upload function of /admin/show.php allows attackers to execute arbitrary web scripts or HTML via a crafted image file. | [email protected] | 4.8 | 0.42% | 2022-03-25 | 2026-06-17 |
| CVE-2021-3370 | DouPHP v1.6 was discovered to contain a cross-site scripting (XSS) vulnerability via /admin/cloud.php. | [email protected] | 6.1 | 0.56% | 2021-12-07 | 2026-06-17 |
| CVE-2019-12564 | In DouCo DouPHP v1.5 Release 20190516, remote attackers can view the database backup file via a brute-force guessing approach for data/backup/DyyyymmddThhmmss.sql filenames. | [email protected] | 9.8 | 2.01% | 2019-06-02 | 2026-06-16 |
| CVE-2018-20567 | An issue was discovered in DouCo DouPHP 1.5 20181221. \install\index.php allows a reload of the product in opportunistic circumstances in which install.lock cannot be read. | [email protected] | 5.3 | 1.03% | 2018-12-28 | 2026-06-16 |
| CVE-2018-20566 | An issue was discovered in DouCo DouPHP 1.5 20181221. It allows full path disclosure in "Smarty error: unable to read resource" error messages for a crafted installation page. | [email protected] | 5.3 | 1.29% | 2018-12-28 | 2026-06-16 |
| CVE-2018-20565 | An issue was discovered in DouCo DouPHP 1.5 20181221. admin/nav.php?rec=update has XSS via the nav_name parameter. | [email protected] | 4.8 | 0.53% | 2018-12-28 | 2026-06-16 |
| CVE-2018-20564 | An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product_category.php?rec=update has XSS via the cat_name parameter. | [email protected] | 4.8 | 0.53% | 2018-12-28 | 2026-06-16 |
| CVE-2018-20563 | An issue was discovered in DouCo DouPHP 1.5 20181221. admin/mobile.php?rec=system&act=update has XSS via the mobile_name parameter. | [email protected] | 4.8 | 0.53% | 2018-12-28 | 2026-06-16 |
| CVE-2018-20562 | An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article_category.php?rec=update has XSS via the cat_name parameter. | [email protected] | 4.8 | 0.53% | 2018-12-28 | 2026-06-16 |
| CVE-2018-20561 | An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article.php?rec=update has XSS via the title parameter. | [email protected] | 4.8 | 0.53% | 2018-12-28 | 2026-06-16 |
| CVE-2018-20560 | An issue was discovered in DouCo DouPHP 1.5 20181221. admin/show.php?rec=update has XSS via the show_name parameter. | [email protected] | 4.8 | 0.53% | 2018-12-28 | 2026-06-16 |
| CVE-2018-20559 | An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product.php?rec=update has XSS via the name parameter. | [email protected] | 4.8 | 0.53% | 2018-12-28 | 2026-06-16 |
| CVE-2018-20558 | An issue was discovered in DouCo DouPHP 1.5 20181221. admin/system.php?rec=update has XSS via the site_name parameter. | [email protected] | 4.8 | 0.53% | 2018-12-28 | 2026-06-16 |
| CVE-2018-20557 | An issue was discovered in DouCo DouPHP 1.5 20181221. admin/page.php?rec=edit has XSS via the page_name parameter. | [email protected] | 4.8 | 0.53% | 2018-12-28 | 2026-06-16 |
| CVE-2018-20419 | DouCo DouPHP 1.5 has upload/admin/manager.php?rec=insert CSRF to add an administrator account. | [email protected] | 8.8 | 0.48% | 2018-12-23 | 2026-06-16 |