Filtered by vendor Dedecms
Filtered by product Dedecms
Total: 88 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-18578 | 1 Dedecms | 1 Dedecms | 2022-10-03 | N/A |
DedeCMS 5.7 SP2 allows XSS via the plus/qrcode.php type parameter. | ||||
CVE-2018-18579 | 1 Dedecms | 1 Dedecms | 2022-10-03 | N/A |
Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/pm.php folder parameter. | ||||
CVE-2018-19061 | 1 Dedecms | 1 Dedecms | 2022-10-03 | N/A |
DedeCMS 5.7 SP2 has SQL Injection via the dede\co_do.php ids parameter. | ||||
CVE-2010-1097 | 1 Dedecms | 1 Dedecms | 2022-10-03 | N/A |
include/userlogin.class.php in DeDeCMS 5.5 GBK, when session.auto_start is enabled, allows remote attackers to bypass authentication and gain administrative access via a value of 1 for the _SESSION[dede_admin_id] parameter, as demonstrated by a request to uploads/include/dialog/select_soft_post.php. | ||||
CVE-2019-8933 | 1 Dedecms | 1 Dedecms | 2022-10-03 | N/A |
In DedeCMS 5.7SP2, attackers can upload a .php file to the uploads/ directory (without being blocked by the Web Application Firewall), and then execute this file, via this sequence of steps: visiting the management page, clicking on the template, clicking on Default Template Management, clicking on New Template, and modifying the filename from ../index.html to ../index.php. | ||||
CVE-2022-36583 | 1 Dedecms | 1 Dedecms | 2022-09-07 | 6.1 Medium |
DedeCMS V5.7.97 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/co_do.php via the dopost, rpok, and aid parameters. | ||||
CVE-2022-36216 | 1 Dedecms | 1 Dedecms | 2022-08-19 | 7.2 High |
DedeCMS v5.7.94 - v5.7.97 was discovered to contain a remote code execution vulnerability in member_toadmin.php. | ||||
CVE-2022-35516 | 1 Dedecms | 1 Dedecms | 2022-08-19 | 9.8 Critical |
DedeCMS v5.7.93 - v5.7.96 was discovered to contain a remote code execution vulnerability in login.php. | ||||
CVE-2022-34531 | 1 Dedecms | 1 Dedecms | 2022-08-05 | 9.8 Critical |
DedeCMS v5.7.95 was discovered to contain a remote code execution (RCE) vulnerability via the component mytag_ main.php. | ||||
CVE-2020-27533 | 1 Dedecms | 1 Dedecms | 2022-06-03 | 5.4 Medium |
A Cross Site Scripting (XSS) issue was discovered in the search feature of DedeCMS v.5.8 that allows malicious users to inject code into web pages, and other users will be affected when viewing web pages. | ||||
CVE-2022-23337 | 1 Dedecms | 1 Dedecms | 2022-02-22 | 9.8 Critical |
DedeCMS v5.7.87 was discovered to contain a SQL injection vulnerability in article_coonepage_rule.php via the ids parameter. | ||||
CVE-2018-6910 | 1 Dedecms | 1 Dedecms | 2022-02-19 | 7.5 High |
DedeCMS 5.7 allows remote attackers to discover the full path via a direct request for include/downmix.inc.php or inc/inc_archives_functions.php. | ||||
CVE-2018-6881 | 2 Dedecms, Phome | 2 Dedecms, Empirecms | 2022-02-19 | 5.3 Medium |
EmpireCMS 6.6 allows remote attackers to discover the full path via an array value for a parameter to admin/tool/ShowPic.php. | ||||
CVE-2020-36490 | 1 Dedecms | 1 Dedecms | 2021-10-28 | 5.4 Medium |
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_view.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters. | ||||
CVE-2020-36491 | 1 Dedecms | 1 Dedecms | 2021-10-28 | 5.4 Medium |
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tags_main.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters. | ||||
CVE-2020-23046 | 1 Dedecms | 1 Dedecms | 2021-10-28 | 6.1 Medium |
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tpl.php via the `filename`, `mid`, `userid`, and `templet` parameters. | ||||
CVE-2020-23044 | 1 Dedecms | 1 Dedecms | 2021-10-28 | 5.4 Medium |
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_pic_view.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters. | ||||
CVE-2020-36494 | 1 Dedecms | 1 Dedecms | 2021-10-26 | 6.1 Medium |
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component mychannel_edit.php via the `filename`, `mid`, `userid`, and `templet` parameters. | ||||
CVE-2020-36493 | 1 Dedecms | 1 Dedecms | 2021-10-26 | 5.4 Medium |
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component media_main.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters. | ||||
CVE-2020-36492 | 1 Dedecms | 1 Dedecms | 2021-10-26 | 5.4 Medium |
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component select_media.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters. |