Dedecms
by Dedecms
CVEs (169)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-8362 | Dedecms / Dedecms | | 0.00 | — | 0.01 | | Feb 16, 2019 | DedeCMS through V5.7SP2 allows arbitrary file upload in dede/album_edit.php or dede/album_add.php, as demonstrated by a dede/album_edit.php?dopost=save&formzip=1 request with a ZIP archive that contains a file such as "1.jpg.php" (because input validation only checks that .jpg,… |
| CVE-2019-6289 | Dedecms / Dedecms | | 0.00 | — | 0.02 | | Jan 15, 2019 | uploads/include/dialog/select_soft.php in DedeCMS V57_UTF8_SP2 allows remote attackers to execute arbitrary PHP code by uploading with a safe file extension and then renaming with a mixed-case variation of the .php extension, as demonstrated by the 1.pHP filename. |
| CVE-2018-19061 | Dedecms / Dedecms | | 0.00 | — | 0.02 | | Nov 7, 2018 | DedeCMS 5.7 SP2 has SQL Injection via the dede\co_do.php ids parameter. |
| CVE-2018-18782 | Dedecms / Dedecms | | 0.00 | — | 0.01 | | Oct 29, 2018 | Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/myfriend.php ftype parameter. |
| CVE-2018-18781 | Dedecms / Dedecms | | 0.00 | — | 0.01 | | Oct 29, 2018 | DedeCMS 5.7 SP2 allows XSS via the /member/uploads_select.php f or keyword parameter. |
| CVE-2018-18579 | Dedecms / Dedecms | | 0.00 | — | 0.01 | | Oct 22, 2018 | Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/pm.php folder parameter. |
| CVE-2018-18578 | Dedecms / Dedecms | | 0.00 | — | 0.01 | | Oct 22, 2018 | DedeCMS 5.7 SP2 allows XSS via the plus/qrcode.php type parameter. |
| CVE-2010-1097 | Dedecms / Dedecms | | 0.00 | — | 0.01 | | Mar 24, 2010 | include/userlogin.class.php in DeDeCMS 5.5 GBK, when session.auto_start is enabled, allows remote attackers to bypass authentication and gain administrative access via a value of 1 for the _SESSION[dede_admin_id] parameter, as demonstrated by a request to… |
| CVE-2009-2270 | Dedecms / Dedecms | | 0.00 | — | 0.02 | | Jul 1, 2009 | Unrestricted file upload vulnerability in member/uploads_edit.php in dedecms 5.3 allows remote attackers to execute arbitrary code by uploading a file with a double extension in the filename, then accessing this file via unspecified vectors, as demonstrated by a .jpg.php… |