Vendor
Dedecms
Products
1
CVEs
7
Across products
7
Status
Private
Products
1- 7 CVEs
Recent CVEs
7

| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-30643 | Cri | 0.64 | 9.8 | 0.00 | | Apr 1, 2026 | An issue was discovered in DedeCMS 5.7.118 allowing attackers to execute code via crafted setup tag values in a module upload. |
| CVE-2025-15004 | Med | 0.41 | 6.3 | 0.00 | | Dec 22, 2025 | A vulnerability was identified in DedeCMS up to 5.7.118. This impacts an unknown function of the file /freelist_main.php. The manipulation of the argument orderby leads to SQL injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. |
| CVE-2025-6335 | Med | 0.31 | 4.7 | 0.01 | | Jun 20, 2025 | A vulnerability was found in DedeCMS up to 5.7.2 and classified as critical. This issue affects some unknown processing of the file /include/dedetag.class.php of the component Template Handler. The manipulation of the argument notes leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. |
| CVE-2011-5200 | | 0.03 | — | 0.00 | | Sep 23, 2012 | Multiple SQL injection vulnerabilities in DeDeCMS, possibly 5.6, allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) list.php, (2) members.php, or (3) book.php. |
| CVE-2009-3806 | | 0.03 | — | 0.00 | | Oct 27, 2009 | SQL injection vulnerability in feedback_js.php in DedeCMS 5.1 allows remote attackers to execute arbitrary SQL commands via the arcurl parameter. |
| CVE-2010-1097 | | 0.00 | — | 0.00 | | Mar 24, 2010 | include/userlogin.class.php in DeDeCMS 5.5 GBK, when session.auto_start is enabled, allows remote attackers to bypass authentication and gain administrative access via a value of 1 for the _SESSION[dede_admin_id] parameter, as demonstrated by a request to uploads/include/dialog/select_soft_post.php. |
| CVE-2009-2270 | | 0.00 | — | 0.01 | | Jul 1, 2009 | Unrestricted file upload vulnerability in member/uploads_edit.php in dedecms 5.3 allows remote attackers to execute arbitrary code by uploading a file with a double extension in the filename, then accessing this file via unspecified vectors, as demonstrated by a .jpg.php filename. |