CVE-2025-13198

Name of the Vulnerable Software and Affected Versions DouPHP versions prior to 1.8 Release 20251022

Description A flaw exists in DouPHP that allows for unrestricted file uploads. This issue is related to the file upload component and specifically affects the file.class.php file. The File argument can be manipulated to achieve this. Remote exploitation is possible, and the exploit details have been publicly disclosed.

Recommendations Update DouPHP to version 1.8 Release 20251022 or later. As a temporary workaround, restrict access to the file upload functionality until a patch is available.