Dedecms
by Dedecms
CVEs (169)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-40886 | | | 0.00 | — | 0.01 | | Oct 3, 2022 | DedeCMS 5.7.98 has a file upload vulnerability in the background. |
| CVE-2022-36583 | | | 0.00 | — | 0.00 | | Sep 1, 2022 | DedeCMS V5.7.97 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/co_do.php via the dopost, rpok, and aid parameters. |
| CVE-2022-36216 | | | 0.00 | — | 0.02 | | Aug 17, 2022 | DedeCMS v5.7.94 - v5.7.97 was discovered to contain a remote code execution vulnerability in member_toadmin.php. |
| CVE-2022-30508 | | | 0.00 | — | 0.01 | | May 26, 2022 | DedeCMS v5.7.93 was discovered to contain an arbitrary file deletion vulnerability in upload.php via the delete parameter. |
| CVE-2020-23044 | | | 0.00 | — | 0.01 | | Oct 22, 2021 | DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_pic_view.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters. |
| CVE-2020-23046 | | | 0.00 | — | 0.01 | | Oct 22, 2021 | DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tpl.php via the `filename`, `mid`, `userid`, and `templet` parameters. |
| CVE-2020-36490 | | | 0.00 | — | 0.01 | | Oct 22, 2021 | DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_view.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters. |
| CVE-2020-36491 | | | 0.00 | — | 0.01 | | Oct 22, 2021 | DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tags_main.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters. |
| CVE-2020-36492 | | | 0.00 | — | 0.01 | | Oct 22, 2021 | DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component select_media.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters. |
| CVE-2020-36494 | | | 0.00 | — | 0.01 | | Oct 22, 2021 | DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component mychannel_edit.php via the `filename`, `mid`, `userid`, and `templet` parameters. |
| CVE-2020-36493 | | | 0.00 | — | 0.01 | | Oct 22, 2021 | DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component media_main.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters. |
| CVE-2020-36495 | | | 0.00 | — | 0.01 | | Oct 22, 2021 | DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_view.php via the `filename`, `mid`, `userid`, and `templet` parameters. |
| CVE-2020-36496 | | | 0.00 | — | 0.01 | | Oct 22, 2021 | DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component sys_admin_user_edit.php via the `filename`, `mid`, `userid`, and `templet` parameters. |
| CVE-2020-36497 | | | 0.00 | — | 0.01 | | Oct 22, 2021 | DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component makehtml_homepage.php via the `filename`, `mid`, `userid`, and `templet` parameters. |
| CVE-2020-18114 | | | 0.00 | — | 0.02 | | Aug 27, 2021 | An arbitrary file upload vulnerability in the /uploads/dede component of DedeCMS V5.7SP2 allows attackers to upload a webshell in HTM format. |
| CVE-2020-18917 | | | 0.00 | — | 0.01 | | Aug 24, 2021 | The plus/search.php component in DedeCMS 5.7 SP2 allows remote attackers to execute arbitrary PHP code via the typename parameter because the contents of typename.inc are under an attacker's control. |
| CVE-2020-22198 | | | 0.00 | — | 0.02 | | Jun 16, 2021 | SQL Injection vulnerability in DedeCMS 5.7 via mdescription parameter to member/ajax_membergroup.php. |
| CVE-2020-16632 | | | 0.00 | — | 0.01 | | May 14, 2021 | An XSS vulnerability in /uploads/dede/action_search.php in DedeCMS V5.7 SP2 allows an authenticated user to execute remote arbitrary code via the keyword parameter. |
| CVE-2021-32073 | | | 0.00 | — | 0.01 | | May 14, 2021 | DedeCMS V5.7 SP2 contains a CSRF vulnerability that allows a remote attacker to send a malicious request to the web manager allowing remote code execution. |
| CVE-2019-10014 | | | 0.00 | — | 0.01 | | Mar 24, 2019 | In DedeCMS 5.7SP2, member/resetpassword.php allows remote authenticated users to reset the passwords of arbitrary users via a modified id parameter, because the key parameter is not properly validated. |