Dedecms
by Dedecms
CVEs (169)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-12183 | | | 0.00 | — | 0.00 | | Dec 4, 2024 | A vulnerability, which was classified as problematic, was found in DedeCMS 5.7.116. This affects the function RemoveXSS of the file /plus/carbuyaction.php of the component HTTP POST Request Handler. The manipulation leads to cross site scripting. It is possible to initiate the… |
| CVE-2024-12182 | | | 0.00 | — | 0.00 | | Dec 4, 2024 | A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7.116. Affected by this issue is some unknown functionality of the file /member/soft_add.php. The manipulation of the argument body leads to cross site scripting. The attack may be launched… |
| CVE-2024-12181 | | | 0.00 | — | 0.00 | | Dec 4, 2024 | A vulnerability classified as problematic was found in DedeCMS 5.7.116. Affected by this vulnerability is an unknown functionality of the file /member/uploads_add.php of the component SWF File Handler. The manipulation of the argument mediatype leads to cross site scripting. The… |
| CVE-2024-12180 | | | 0.00 | — | 0.00 | | Dec 4, 2024 | A vulnerability classified as problematic has been found in DedeCMS 5.7.116. Affected is an unknown function of the file /member/article_add.php. The manipulation of the argument body leads to cross site scripting. It is possible to launch the attack remotely. The exploit has… |
| CVE-2024-11138 | | | 0.00 | — | 0.02 | | Nov 12, 2024 | A vulnerability classified as problematic has been found in DedeCMS 5.7.116. This affects an unknown part of the file /dede/uploads/dede/friendlink_add.php. The manipulation of the argument logoimg leads to unrestricted upload. It is possible to initiate the attack remotely. The… |
| CVE-2024-9076 | | | 0.00 | — | 0.21 | | Sep 22, 2024 | A vulnerability was found in DedeCMS up to 5.7.115. It has been rated as critical. This issue affects some unknown processing of the file /dede/article_string_mix.php. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been… |
| CVE-2024-46373 | | | 0.00 | — | 0.00 | | Sep 18, 2024 | Dedecms V5.7.115 contains an arbitrary code execution via file upload vulnerability in the backend. |
| CVE-2024-46372 | | | 0.00 | — | 0.00 | | Sep 18, 2024 | DedeCMS 5.7.115 is vulnerable to Cross Site Scripting (XSS) via the advertisement code box in the advertisement management module. |
| CVE-2024-42636 | | | 0.00 | — | 0.01 | | Aug 23, 2024 | DedeCMS V5.7.115 has a command execution vulnerability via file_manage_view.php?fmdo=newfile&activepath. |
| CVE-2024-6940 | | | 0.00 | — | 0.01 | | Jul 21, 2024 | A vulnerability was found in DedeCMS 5.7.114. It has been classified as critical. This affects an unknown part of the file article_template_rand.php. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the… |
| CVE-2024-35510 | | | 0.00 | — | 0.01 | | May 28, 2024 | An arbitrary file upload vulnerability in /dede/file_manage_control.php of DedeCMS v5.7.114 allows attackers to execute arbitrary code via uploading a crafted file. |
| CVE-2024-35375 | | | 0.00 | — | 0.00 | | May 23, 2024 | There is an arbitrary file upload vulnerability on the media add .php page in the backend of the website in version 5.7.114 of DedeCMS |
| CVE-2024-34959 | | | 0.00 | — | 0.00 | | May 17, 2024 | DedeCMS V5.7.113 is vulnerable to Cross Site Scripting (XSS) via sys_data_replace.php. |
| CVE-2024-4790 | | | 0.00 | — | 0.01 | | May 11, 2024 | A vulnerability classified as problematic has been found in DedeCMS 5.7.114. This affects an unknown part of the file /sys_verifies.php?action=view. The manipulation of the argument filename with the input ../../../../../etc/passwd leads to path traversal: '../filedir'. It is… |
| CVE-2024-34245 | | | 0.00 | — | 0.01 | | May 10, 2024 | An arbitrary file read vulnerability in DedeCMS v5.7.114 allows authenticated attackers to read arbitrary files by specifying any path in makehtml_js_action.php. |
| CVE-2024-4594 | | | 0.00 | — | 0.00 | | May 7, 2024 | A vulnerability, which was classified as problematic, was found in DedeCMS 5.7. Affected is an unknown function of the file /src/dede/sys_safe.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed… |
| CVE-2024-4593 | | | 0.00 | — | 0.00 | | May 7, 2024 | A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7. This issue affects some unknown processing of the file /src/dede/sys_multiserv.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has… |
| CVE-2024-4592 | | | 0.00 | — | 0.00 | | May 7, 2024 | A vulnerability classified as problematic was found in DedeCMS 5.7. This vulnerability affects unknown code of the file /src/dede/sys_group_edit.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the… |
| CVE-2024-4591 | | | 0.00 | — | 0.00 | | May 7, 2024 | A vulnerability classified as problematic has been found in DedeCMS 5.7. This affects an unknown part of the file /src/dede/sys_group_add.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to… |
| CVE-2024-4590 | | | 0.00 | — | 0.00 | | May 7, 2024 | A vulnerability was found in DedeCMS 5.7. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /src/dede/sys_info.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been… |