VYPR

Dedecms

by Dedecms

Source repositories

CVEs (169)

  • CVE-2024-28669Mar 13, 2024
    risk 0.00cvss epss 0.00

    DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/freelist_edit.php.

  • CVE-2024-28668Mar 13, 2024
    risk 0.00cvss epss 0.00

    DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/mychannel_add.php

  • CVE-2024-28679Mar 13, 2024
    risk 0.00cvss epss 0.00

    DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via Photo Collection.

  • CVE-2024-28680Mar 13, 2024
    risk 0.00cvss epss 0.00

    DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/diy_add.php.

  • CVE-2024-28673Mar 13, 2024
    risk 0.00cvss epss 0.00

    DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/mychannel_edit.php.

  • CVE-2024-28677Mar 13, 2024
    risk 0.00cvss epss 0.00

    DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/article_keywords_main.php.

  • CVE-2024-28683Mar 13, 2024
    risk 0.00cvss epss 0.00

    DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via create file.

  • CVE-2024-28429Mar 13, 2024
    risk 0.00cvss epss 0.00

    DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/archives_do.php

  • CVE-2023-52047Feb 28, 2024
    risk 0.00cvss epss 0.00

    Dedecms v5.7.112 was discovered to contain a Cross-Site Request Forgery (CSRF) in the file manager.

  • CVE-2024-22895Jan 22, 2024
    risk 0.00cvss epss 0.01

    DedeCMS 5.7.112 has a File Upload vulnerability via uploads/dede/module_upload.php.

  • CVE-2023-7212Jan 7, 2024
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical has been found in DeDeCMS up to 5.7.112. Affected is an unknown function of the file file_class.php of the component Backend. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been…

  • CVE-2023-49494Dec 11, 2023
    risk 0.00cvss epss 0.01

    DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component select_media_post_wangEditor.php.

  • CVE-2023-49493Dec 7, 2023
    risk 0.00cvss epss 0.00

    DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the v parameter at selectimages.php.

  • CVE-2023-49492Dec 7, 2023
    risk 0.00cvss epss 0.00

    DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the imgstick parameter at selectimages.php.

  • CVE-2023-43275Nov 16, 2023
    risk 0.00cvss epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in DedeCMS v5.7 in 110 backend management interface via /catalog_add.php, allows attackers to create crafted web pages due to a lack of verification of the token value of the submitted form.

  • CVE-2023-48068Nov 13, 2023
    risk 0.00cvss epss 0.00

    DedeCMS v6.2 was discovered to contain a Cross-site Scripting (XSS) vulnerability via spec_add.php.

  • CVE-2023-5301Sep 30, 2023
    risk 0.00cvss epss 0.06

    A vulnerability classified as critical was found in DedeCMS 5.7.111. This vulnerability affects the function AddMyAddon of the file album_add.php. The manipulation of the argument albumUploadFiles leads to os command injection. The attack can be initiated remotely. The exploit…

  • CVE-2023-43226Sep 28, 2023
    risk 0.00cvss epss 0.01

    An arbitrary file upload vulnerability in dede/baidunews.php in DedeCMS 5.7.111 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file.

  • CVE-2023-5022Sep 17, 2023
    risk 0.00cvss epss 0.01

    A vulnerability has been found in DedeCMS up to 5.7.100 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /include/dialog/select_templets_post.php. The manipulation of the argument activepath leads to absolute path traversal. The…

  • CVE-2023-40784Sep 12, 2023
    risk 0.00cvss epss 0.01

    DedeCMS 5.7.102 has a File Upload vulnerability via uploads/dede/module_make.php.

Page 6 of 9