Dedecms
by Dedecms
CVEs (169)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-28669 | | | 0.00 | — | 0.00 | | Mar 13, 2024 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/freelist_edit.php. |
| CVE-2024-28668 | | | 0.00 | — | 0.00 | | Mar 13, 2024 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/mychannel_add.php |
| CVE-2024-28679 | | | 0.00 | — | 0.00 | | Mar 13, 2024 | DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via Photo Collection. |
| CVE-2024-28680 | | | 0.00 | — | 0.00 | | Mar 13, 2024 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/diy_add.php. |
| CVE-2024-28673 | | | 0.00 | — | 0.00 | | Mar 13, 2024 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/mychannel_edit.php. |
| CVE-2024-28677 | | | 0.00 | — | 0.00 | | Mar 13, 2024 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/article_keywords_main.php. |
| CVE-2024-28683 | | | 0.00 | — | 0.00 | | Mar 13, 2024 | DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via create file. |
| CVE-2024-28429 | | | 0.00 | — | 0.00 | | Mar 13, 2024 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/archives_do.php |
| CVE-2023-52047 | | | 0.00 | — | 0.00 | | Feb 28, 2024 | Dedecms v5.7.112 was discovered to contain a Cross-Site Request Forgery (CSRF) in the file manager. |
| CVE-2024-22895 | | | 0.00 | — | 0.01 | | Jan 22, 2024 | DedeCMS 5.7.112 has a File Upload vulnerability via uploads/dede/module_upload.php. |
| CVE-2023-7212 | | | 0.00 | — | 0.01 | | Jan 7, 2024 | A vulnerability classified as critical has been found in DeDeCMS up to 5.7.112. Affected is an unknown function of the file file_class.php of the component Backend. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been… |
| CVE-2023-49494 | | | 0.00 | — | 0.01 | | Dec 11, 2023 | DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component select_media_post_wangEditor.php. |
| CVE-2023-49493 | | | 0.00 | — | 0.00 | | Dec 7, 2023 | DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the v parameter at selectimages.php. |
| CVE-2023-49492 | | | 0.00 | — | 0.00 | | Dec 7, 2023 | DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the imgstick parameter at selectimages.php. |
| CVE-2023-43275 | | | 0.00 | — | 0.00 | | Nov 16, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in DedeCMS v5.7 in 110 backend management interface via /catalog_add.php, allows attackers to create crafted web pages due to a lack of verification of the token value of the submitted form. |
| CVE-2023-48068 | | | 0.00 | — | 0.00 | | Nov 13, 2023 | DedeCMS v6.2 was discovered to contain a Cross-site Scripting (XSS) vulnerability via spec_add.php. |
| CVE-2023-5301 | | | 0.00 | — | 0.06 | | Sep 30, 2023 | A vulnerability classified as critical was found in DedeCMS 5.7.111. This vulnerability affects the function AddMyAddon of the file album_add.php. The manipulation of the argument albumUploadFiles leads to os command injection. The attack can be initiated remotely. The exploit… |
| CVE-2023-43226 | | | 0.00 | — | 0.01 | | Sep 28, 2023 | An arbitrary file upload vulnerability in dede/baidunews.php in DedeCMS 5.7.111 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file. |
| CVE-2023-5022 | | | 0.00 | — | 0.01 | | Sep 17, 2023 | A vulnerability has been found in DedeCMS up to 5.7.100 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /include/dialog/select_templets_post.php. The manipulation of the argument activepath leads to absolute path traversal. The… |
| CVE-2023-40784 | | | 0.00 | — | 0.01 | | Sep 12, 2023 | DedeCMS 5.7.102 has a File Upload vulnerability via uploads/dede/module_make.php. |