VYPR

Dedecms

by Dedecms

CVEs (169)

  • CVE-2019-8362 (Feb 16, 2019)
    risk 0.00 | cvss | epss 0.01

    DedeCMS through V5.7SP2 allows arbitrary file upload in dede/album_edit.php or dede/album_add.php, as demonstrated by a dede/album_edit.php?dopost=save&formzip=1 request with a ZIP archive that contains a file such as "1.jpg.php" (because input validation only checks that .jpg,…

  • CVE-2019-6289 (Jan 15, 2019)
    risk 0.00 | cvss | epss 0.02

    uploads/include/dialog/select_soft.php in DedeCMS V57_UTF8_SP2 allows remote attackers to execute arbitrary PHP code by uploading with a safe file extension and then renaming with a mixed-case variation of the .php extension, as demonstrated by the 1.pHP filename.

  • CVE-2018-19061 (Nov 7, 2018)
    risk 0.00 | cvss | epss 0.02

    DedeCMS 5.7 SP2 has SQL Injection via the dede\co_do.php ids parameter.

  • CVE-2018-18782 (Oct 29, 2018)
    risk 0.00 | cvss | epss 0.01

    Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/myfriend.php ftype parameter.

  • CVE-2018-18781 (Oct 29, 2018)
    risk 0.00 | cvss | epss 0.01

    DedeCMS 5.7 SP2 allows XSS via the /member/uploads_select.php f or keyword parameter.

  • CVE-2018-18579 (Oct 22, 2018)
    risk 0.00 | cvss | epss 0.01

    Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/pm.php folder parameter.

  • CVE-2018-18578 (Oct 22, 2018)
    risk 0.00 | cvss | epss 0.01

    DedeCMS 5.7 SP2 allows XSS via the plus/qrcode.php type parameter.

  • CVE-2010-1097 (Mar 24, 2010)
    risk 0.00 | cvss | epss 0.01

    include/userlogin.class.php in DeDeCMS 5.5 GBK, when session.auto_start is enabled, allows remote attackers to bypass authentication and gain administrative access via a value of 1 for the _SESSION[dede_admin_id] parameter, as demonstrated by a request to…

  • CVE-2009-2270 (Jul 1, 2009)
    risk 0.00 | cvss | epss 0.02

    Unrestricted file upload vulnerability in member/uploads_edit.php in dedecms 5.3 allows remote attackers to execute arbitrary code by uploading a file with a double extension in the filename, then accessing this file via unspecified vectors, as demonstrated by a .jpg.php…

Page 9 of 9