VYPR

Dedecms

by Dedecms

CVEs (169)

  • CVE-2022-40886 (Oct 3, 2022)
    risk 0.00 | cvss | epss 0.01

    DedeCMS 5.7.98 has a file upload vulnerability in the background.

  • CVE-2022-36583 (Sep 1, 2022)
    risk 0.00 | cvss | epss 0.00

    DedeCMS V5.7.97 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/co_do.php via the dopost, rpok, and aid parameters.

  • CVE-2022-36216 (Aug 17, 2022)
    risk 0.00 | cvss | epss 0.02

    DedeCMS v5.7.94 - v5.7.97 was discovered to contain a remote code execution vulnerability in member_toadmin.php.

  • CVE-2022-30508 (May 26, 2022)
    risk 0.00 | cvss | epss 0.01

    DedeCMS v5.7.93 was discovered to contain an arbitrary file deletion vulnerability in upload.php via the delete parameter.

  • CVE-2020-23044 (Oct 22, 2021)
    risk 0.00 | cvss | epss 0.01

    DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_pic_view.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.

  • CVE-2020-23046 (Oct 22, 2021)
    risk 0.00 | cvss | epss 0.01

    DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tpl.php via the `filename`, `mid`, `userid`, and `templet` parameters.

  • CVE-2020-36490 (Oct 22, 2021)
    risk 0.00 | cvss | epss 0.01

    DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_view.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.

  • CVE-2020-36491 (Oct 22, 2021)
    risk 0.00 | cvss | epss 0.01

    DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tags_main.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.

  • CVE-2020-36492 (Oct 22, 2021)
    risk 0.00 | cvss | epss 0.01

    DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component select_media.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.

  • CVE-2020-36494 (Oct 22, 2021)
    risk 0.00 | cvss | epss 0.01

    DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component mychannel_edit.php via the `filename`, `mid`, `userid`, and `templet` parameters.

  • CVE-2020-36493 (Oct 22, 2021)
    risk 0.00 | cvss | epss 0.01

    DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component media_main.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.

  • CVE-2020-36495 (Oct 22, 2021)
    risk 0.00 | cvss | epss 0.01

    DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_view.php via the `filename`, `mid`, `userid`, and `templet` parameters.

  • CVE-2020-36496 (Oct 22, 2021)
    risk 0.00 | cvss | epss 0.01

    DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component sys_admin_user_edit.php via the `filename`, `mid`, `userid`, and `templet` parameters.

  • CVE-2020-36497 (Oct 22, 2021)
    risk 0.00 | cvss | epss 0.01

    DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component makehtml_homepage.php via the `filename`, `mid`, `userid`, and `templet` parameters.

  • CVE-2020-18114 (Aug 27, 2021)
    risk 0.00 | cvss | epss 0.02

    An arbitrary file upload vulnerability in the /uploads/dede component of DedeCMS V5.7SP2 allows attackers to upload a webshell in HTM format.

  • CVE-2020-18917 (Aug 24, 2021)
    risk 0.00 | cvss | epss 0.01

    The plus/search.php component in DedeCMS 5.7 SP2 allows remote attackers to execute arbitrary PHP code via the typename parameter because the contents of typename.inc are under an attacker's control.

  • CVE-2020-22198 (Jun 16, 2021)
    risk 0.00 | cvss | epss 0.02

    SQL injection vulnerability in DedeCMS 5.7 via the mdescription parameter to member/ajax_membergroup.php.

  • CVE-2020-16632 (May 14, 2021)
    risk 0.00 | cvss | epss 0.01

    An XSS vulnerability in /uploads/dede/action_search.php in DedeCMS V5.7 SP2 allows an authenticated user to execute remote arbitrary code via the keyword parameter.

  • CVE-2021-32073 (May 14, 2021)
    risk 0.00 | cvss | epss 0.01

    DedeCMS V5.7 SP2 contains a CSRF vulnerability that allows a remote attacker to send a malicious request to the web manager, allowing remote code execution.

  • CVE-2019-10014 (Mar 24, 2019)
    risk 0.00 | cvss | epss 0.01

    In DedeCMS 5.7SP2, member/resetpassword.php allows remote authenticated users to reset the passwords of arbitrary users via a modified id parameter, because the key parameter is not properly validated.

Page 8 of 9