CVE-2025-13198

MEDIUM 4.7

DouPHP file.class.php unrestricted upload

CVSS Score

4.7

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability has been found in DouPHP up to 1.8 Release 20251022. This impacts an unknown function of the file upload/include/file.class.php. The manipulation of the argument File leads to unrestricted upload. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.

CWE	CWE-434 CWE-284
Vendor	n/a
Product	douphp
Published	Nov 15, 2025
Last Updated	Feb 24, 2026

Stay Ahead of the Next One

Get instant alerts for n/a douphp

Be the first to know when new medium vulnerabilities affecting n/a douphp are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

n/a / DouPHP

1.8 Release 20251022

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/?id.332496 vuldb.com: https://vuldb.com/?ctiid.332496 vuldb.com: https://vuldb.com/?submit.685544 github.com: https://github.com/electroN1chahaha/My-CVE/issues/1

Credits

🔍 electroN1c (VulDB User)