CVE-2026-2226

Name of the Vulnerable Software and Affected Versions DouPHP versions up to 1.9

Description A flaw exists in DouPHP that involves improper handling of files within the ZIP File Handler component. Specifically, the issue relates to the processing of the /admin/file.php file. Manipulation of the sql filename argument can lead to unrestricted file uploads, allowing remote attackers to potentially compromise the system. The exploit for this issue has been publicly disclosed.

Recommendations Versions prior to 2.0 are vulnerable. At the moment, there is no information about a newer version that contains a fix for this vulnerability.