Filtered by vendor Dedecms
Subscriptions
Total
88 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-40874 | 1 Dedecms | 1 Dedecms | 2023-08-25 | 5.4 Medium |
DedeCMS up to and including 5.7.110 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/vote_add.php via the votename and voteitem1 parameters. | ||||
CVE-2022-30508 | 1 Dedecms | 1 Dedecms | 2023-08-08 | 6.5 Medium |
DedeCMS v5.7.93 was discovered to contain arbitrary file deletion vulnerability in upload.php via the delete parameter. | ||||
CVE-2023-36298 | 1 Dedecms | 1 Dedecms | 2023-08-07 | 8.8 High |
DedeCMS v5.7.109 has a File Upload vulnerability, leading to remote code execution (RCE). | ||||
CVE-2023-34842 | 1 Dedecms | 1 Dedecms | 2023-08-04 | 9.8 Critical |
Remote Code Execution vulnerability in DedeCMS through 5.7.109 allows remote attackers to run arbitrary code via crafted POST request to /dede/tpl.php. | ||||
CVE-2023-37839 | 1 Dedecms | 1 Dedecms | 2023-07-27 | 9.8 Critical |
An arbitrary file upload vulnerability in /dede/file_manage_control.php of DedeCMS v5.7.109 allows attackers to execute arbitrary code via uploading a crafted PHP file. | ||||
CVE-2023-31757 | 1 Dedecms | 1 Dedecms | 2023-05-26 | 5.4 Medium |
DedeCMS up to v5.7.108 is vulnerable to XSS in sys_info.php via parameters 'edit___cfg_powerby' and 'edit___cfg_beian' | ||||
CVE-2023-30380 | 1 Dedecms | 1 Dedecms | 2023-05-05 | 7.5 High |
An issue in the component /dialog/select_media.php of DedeCMS v5.7.107 allows attackers to execute a directory traversal. | ||||
CVE-2023-27733 | 1 Dedecms | 1 Dedecms | 2023-04-26 | 7.2 High |
DedeCMS v5.7.106 was discovered to contain a SQL injection vulnerability via the component /dede/sys_sql_query.php. | ||||
CVE-2023-27709 | 1 Dedecms | 1 Dedecms | 2023-03-22 | 7.2 High |
SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank_* parameter in the /dedestory_catalog.php endpoint. | ||||
CVE-2023-27707 | 1 Dedecms | 1 Dedecms | 2023-03-22 | 7.2 High |
SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank_* parameter in the /dede/group_store.php endpoint. | ||||
CVE-2022-48140 | 1 Dedecms | 1 Dedecms | 2023-02-09 | 5.4 Medium |
DedeCMS v5.7.97 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /file_manage_view.php?fmdo=edit&filename. | ||||
CVE-2022-46442 | 1 Dedecms | 1 Dedecms | 2023-01-06 | 9.8 Critical |
dedecms <=V5.7.102 is vulnerable to SQL Injection. In sys_ sql_ n query.php there are no restrictions on the sql query. | ||||
CVE-2022-43192 | 1 Dedecms | 1 Dedecms | 2022-11-22 | 6.7 Medium |
An arbitrary file upload vulnerability in the component /dede/file_manage_control.php of Dedecms v5.7.101 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is related to an incomplete fix for CVE-2022-40886. | ||||
CVE-2022-43031 | 1 Dedecms | 1 Dedecms | 2022-11-10 | 8.8 High |
DedeCMS v6.1.9 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add Administrator accounts and modify Admin passwords. | ||||
CVE-2022-40921 | 1 Dedecms | 1 Dedecms | 2022-10-13 | 7.2 High |
DedeCMS V5.7.99 was discovered to contain an arbitrary file upload vulnerability via the component /dede/file_manage_control.php. | ||||
CVE-2022-40886 | 1 Dedecms | 1 Dedecms | 2022-10-04 | 7.2 High |
DedeCMS 5.7.98 has a file upload vulnerability in the background. | ||||
CVE-2017-17730 | 1 Dedecms | 1 Dedecms | 2022-10-03 | N/A |
DedeCMS through 5.7 has SQL Injection via the logo parameter to plus/flink_add.php. | ||||
CVE-2017-17731 | 1 Dedecms | 1 Dedecms | 2022-10-03 | N/A |
DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php. | ||||
CVE-2017-17727 | 1 Dedecms | 1 Dedecms | 2022-10-03 | N/A |
DedeCMS through 5.6 allows arbitrary file upload and PHP code execution by embedding the PHP code in a .jpg file, which is used in the templet parameter to member/article_edit.php. | ||||
CVE-2018-18608 | 1 Dedecms | 1 Dedecms | 2022-10-03 | N/A |
DedeCMS 5.7 SP2 allows XSS via the function named GetPageList defined in the include/datalistcp.class.php file that is used to display the page numbers list at the bottom of some templates, as demonstrated by the PATH_INFO to /member/index.php, /member/pm.php, /member/content_list.php, or /plus/feedback.php. |