Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
An issue was discovered in DouCo DouPHP 1.5 20181221. It allows full path disclosure in "Smarty error: unable to read resource" error messages for a crafted installation page.
AnalysisAI
An issue was discovered in DouCo DouPHP 1.5 20181221. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. An issue was discovered in DouCo DouPHP 1.5 20181221. It allows full path disclosure in "Smarty error: unable to read resource" error messages for a crafted installation page. Affected products include: Douco Douphp.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.
In DouCo DouPHP v1.5 Release 20190516, remote attackers can view the database backup file via a brute-force guessing app
DouCo DouPHP 1.5 has upload/admin/manager.php?rec=insert CSRF to add an administrator account. Rated high severity (CVSS
DouPHP v1.6 Release 20220121 is affected by Cross Site Scripting (XSS) through /admin/login.php in the background, which
An issue was discovered in DouCo DouPHP 1.5 20181221. Rated medium severity (CVSS 5.3), this vulnerability is remotely e
A vulnerability, which was classified as critical, has been found in DouPHP 1.7 Release 20220822. Rated medium severity
An issue was discovered in DouCo DouPHP 1.5 20181221. Rated medium severity (CVSS 4.8), this vulnerability is remotely e
An issue was discovered in DouCo DouPHP 1.5 20181221. Rated medium severity (CVSS 4.8), this vulnerability is remotely e
An issue was discovered in DouCo DouPHP 1.5 20181221. Rated medium severity (CVSS 4.8), this vulnerability is remotely e
An issue was discovered in DouCo DouPHP 1.5 20181221. Rated medium severity (CVSS 4.8), this vulnerability is remotely e
An issue was discovered in DouCo DouPHP 1.5 20181221. Rated medium severity (CVSS 4.8), this vulnerability is remotely e
An issue was discovered in DouCo DouPHP 1.5 20181221. Rated medium severity (CVSS 4.8), this vulnerability is remotely e
An issue was discovered in DouCo DouPHP 1.5 20181221. Rated medium severity (CVSS 4.8), this vulnerability is remotely e
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today