CVE-2018-20567
CVE-2018-20567 is a medium-severity vulnerability in Douco Douphp with a CVSS 3.x base score of 5.3. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-732.
Key facts
- Severity: Medium (CVSS 3.x base score 5.3)
- CVSS v2: 5.0
- EPSS exploit prediction: 1% (60th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-732
- Affected product: Douco Douphp
- Published:
- Last modified:
Description
An issue was discovered in DouCo DouPHP 1.5 20181221. \install\index.php allows a reload of the product in opportunistic circumstances in which install.lock cannot be read.
Frequently asked questions
- What is CVE-2018-20567?
- An issue was discovered in DouCo DouPHP 1.5 20181221. \install\index.php allows a reload of the product in opportunistic circumstances in which install.lock cannot be read.
- How severe is CVE-2018-20567?
- CVE-2018-20567 has a CVSS 3.x base score of 5.3, rated medium severity. It is exploitable over network with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is none, integrity none, and availability low.
- Is CVE-2018-20567 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (60th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2018-20567?
- CVE-2018-20567 affects Douco Douphp. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2018-20567?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2018-20567 published?
- CVE-2018-20567 was published on 2018-12-28 and last updated on 2026-06-17.
References
Affected products (1)
- cpe:2.3:a:douco:douphp:1.5:20181221:*:*:*:*:*:*
More vulnerabilities in Douco Douphp
- CVE-2019-12564 — Critical (CVSS 9.8): In DouCo DouPHP v1.5 Release 20190516, remote attackers can view the database backup file via a brute-force guessing…
- CVE-2018-20419 — High (CVSS 8.8): DouCo DouPHP 1.5 has upload/admin/manager.php?rec=insert CSRF to add an administrator account.
- CVE-2022-24131 — Medium (CVSS 6.1): DouPHP v1.6 Release 20220121 is affected by Cross Site Scripting (XSS) through /admin/login.php in the background,…
- CVE-2021-3370 — Medium (CVSS 6.1): DouPHP v1.6 was discovered to contain a cross-site scripting (XSS) vulnerability via /admin/cloud.php.
- CVE-2022-46438 — Medium (CVSS 5.4): A cross-site scripting (XSS) vulnerability in the /admin/article_category.php component of DouPHP v1.7 20221118 allows…
- CVE-2018-20566 — Medium (CVSS 5.3): An issue was discovered in DouCo DouPHP 1.5 20181221. It allows full path disclosure in "Smarty error: unable to read…
All CVEs affecting Douco Douphp →
Other CWE-732 (Incorrect Permission Assignment for Critical Resource) vulnerabilities
- CVE-2026-9508 — Critical (CVSS 10.0): Incorrect permission settings on a critical resource in Suprema BioStar 2 (versions 2.9.3 through 2.9.11) that allow…
- CVE-2025-14988 — Critical (CVSS 10.0): A security issue has been identified in ibaPDA that could allow unauthorized actions on the file system under certain…
- CVE-2025-69426 — Critical (CVSS 10.0): The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 (GA) contain hardcoded credentials for an operating…
- CVE-2025-12004 — Critical (CVSS 10.0): Incorrect Permission Assignment for Critical Resource vulnerability in The Wikimedia Foundation Mediawiki - Lockdown…
- CVE-2014-125121 — Critical (CVSS 10.0): Array Networks vAPV (version 8.3.2.17) and vxAG (version 9.2.0.34) appliances are affected by a privilege escalation…
- CVE-2025-46093 — Critical (CVSS 9.9): LiquidFiles before 4.1.2 supports FTP SITE CHMOD for mode 6777 (setuid and setgid), which allows FTPDrop users to…
Browse all CWE-732 (Incorrect Permission Assignment for Critical Resource) vulnerabilities →