douco CVE Vulnerabilities & Metrics

Focus on douco vulnerabilities and metrics.

Last updated: 01 Aug 2025, 22:25 UTC

About douco Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with douco. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total douco CVEs: 19
Earliest CVE date: 24 Dec 2018, 03:29 UTC
Latest CVE date: 06 Feb 2025, 17:15 UTC

Latest CVE reference: CVE-2024-57599

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 2

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical douco CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 3.75

Max CVSS: 6.8

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	12
4.0-6.9	7
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS douco CVEs

These are the five CVEs with the highest CVSS scores for douco, sorted by severity first and recency.

CVE-2018-20419 douco Published on 24 Dec 2018, 03:29 UTC (CVSS: 6.8)
DouCo DouPHP 1.5 has upload/admin/manager.php?rec=insert CSRF to add an administrator account.
CVE-2024-7917 douco Published on 18 Aug 2024, 23:15 UTC (CVSS: 5.8)
A vulnerability, which was classified as critical, has been found in DouPHP 1.7 Release 20220822. Affected by this issue is some unknown functionality of the file /admin/system.php of the component Favicon Handler. The manipulation of the argument site_favicon leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2019-12564 douco Published on 03 Jun 2019, 00:29 UTC (CVSS: 5.0)
In DouCo DouPHP v1.5 Release 20190516, remote attackers can view the database backup file via a brute-force guessing approach for data/backup/DyyyymmddThhmmss.sql filenames.
CVE-2018-20567 douco Published on 28 Dec 2018, 16:29 UTC (CVSS: 5.0)
An issue was discovered in DouCo DouPHP 1.5 20181221. \install\index.php allows a reload of the product in opportunistic circumstances in which install.lock cannot be read.
CVE-2018-20566 douco Published on 28 Dec 2018, 16:29 UTC (CVSS: 5.0)
An issue was discovered in DouCo DouPHP 1.5 20181221. It allows full path disclosure in "Smarty error: unable to read resource" error messages for a crafted installation page.

All CVEs for douco

CVE-2024-57599 douco vulnerability CVSS: 0 06 Feb 2025, 17:15 UTC

Cross Site Scripting vulnerability in DouPHP v.1.8 Release 20231203 allows attackers to execute arbitrary code via a crafted payload injected into the description parameter in /admin/article.php

CVE-2024-7917 douco vulnerability CVSS: 5.8 18 Aug 2024, 23:15 UTC

A vulnerability, which was classified as critical, has been found in DouPHP 1.7 Release 20220822. Affected by this issue is some unknown functionality of the file /admin/system.php of the component Favicon Handler. The manipulation of the argument site_favicon leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2022-46438 douco vulnerability CVSS: 0 13 Jan 2023, 00:15 UTC

A cross-site scripting (XSS) vulnerability in the /admin/article_category.php component of DouPHP v1.7 20221118 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the description parameter.

CVE-2022-24131 douco vulnerability CVSS: 4.3 30 Mar 2022, 12:15 UTC

DouPHP v1.6 Release 20220121 is affected by Cross Site Scripting (XSS) through /admin/login.php in the background, which will lead to JavaScript code execution.

CVE-2022-25574 douco vulnerability CVSS: 3.5 25 Mar 2022, 16:15 UTC

A stored cross-site scripting (XSS) vulnerability in the upload function of /admin/show.php allows attackers to execute arbitrary web scripts or HTML via a crafted image file.

CVE-2021-3370 douco vulnerability CVSS: 4.3 08 Dec 2021, 04:15 UTC

DouPHP v1.6 was discovered to contain a cross-site scripting (XSS) vulnerability via /admin/cloud.php.

CVE-2019-12564 douco vulnerability CVSS: 5.0 03 Jun 2019, 00:29 UTC

In DouCo DouPHP v1.5 Release 20190516, remote attackers can view the database backup file via a brute-force guessing approach for data/backup/DyyyymmddThhmmss.sql filenames.

CVE-2018-20567 douco vulnerability CVSS: 5.0 28 Dec 2018, 16:29 UTC

An issue was discovered in DouCo DouPHP 1.5 20181221. \install\index.php allows a reload of the product in opportunistic circumstances in which install.lock cannot be read.

CVE-2018-20566 douco vulnerability CVSS: 5.0 28 Dec 2018, 16:29 UTC

An issue was discovered in DouCo DouPHP 1.5 20181221. It allows full path disclosure in "Smarty error: unable to read resource" error messages for a crafted installation page.

CVE-2018-20565 douco vulnerability CVSS: 3.5 28 Dec 2018, 16:29 UTC

An issue was discovered in DouCo DouPHP 1.5 20181221. admin/nav.php?rec=update has XSS via the nav_name parameter.

CVE-2018-20564 douco vulnerability CVSS: 3.5 28 Dec 2018, 16:29 UTC

An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product_category.php?rec=update has XSS via the cat_name parameter.

CVE-2018-20563 douco vulnerability CVSS: 3.5 28 Dec 2018, 16:29 UTC

An issue was discovered in DouCo DouPHP 1.5 20181221. admin/mobile.php?rec=system&act=update has XSS via the mobile_name parameter.

CVE-2018-20562 douco vulnerability CVSS: 3.5 28 Dec 2018, 16:29 UTC

An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article_category.php?rec=update has XSS via the cat_name parameter.

CVE-2018-20561 douco vulnerability CVSS: 3.5 28 Dec 2018, 16:29 UTC

An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article.php?rec=update has XSS via the title parameter.

CVE-2018-20560 douco vulnerability CVSS: 3.5 28 Dec 2018, 16:29 UTC

An issue was discovered in DouCo DouPHP 1.5 20181221. admin/show.php?rec=update has XSS via the show_name parameter.

CVE-2018-20559 douco vulnerability CVSS: 3.5 28 Dec 2018, 16:29 UTC

An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product.php?rec=update has XSS via the name parameter.

CVE-2018-20558 douco vulnerability CVSS: 3.5 28 Dec 2018, 16:29 UTC

An issue was discovered in DouCo DouPHP 1.5 20181221. admin/system.php?rec=update has XSS via the site_name parameter.

CVE-2018-20557 douco vulnerability CVSS: 3.5 28 Dec 2018, 16:29 UTC

An issue was discovered in DouCo DouPHP 1.5 20181221. admin/page.php?rec=edit has XSS via the page_name parameter.

CVE-2018-20419 douco vulnerability CVSS: 6.8 24 Dec 2018, 03:29 UTC

DouCo DouPHP 1.5 has upload/admin/manager.php?rec=insert CSRF to add an administrator account.