Vendor CVEs
Dedecms
All CVEs
170 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-17731 | | Cri | 0.65 | 9.8 | 0.13 | | Dec 18, 2017 | DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php. |
| CVE-2026-38615 | | Cri | 0.64 | 9.8 | 0.01 | | Jun 9, 2026 | DedeCMS V5.7.118 is vulnerable to Command Execution in file_manage_control.php. |
| CVE-2026-30643 | | Cri | 0.64 | 9.8 | 0.01 | | Apr 1, 2026 | An issue was discovered in DedeCMS 5.7.118 allowing attackers to execute code via crafted setup tag values in a module upload. |
| CVE-2018-12045 | | Cri | 0.64 | 9.8 | 0.01 | | Jun 8, 2018 | DedeCMS through V5.7SP2 allows arbitrary file upload in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=upload request with an upfile1 parameter, as demonstrated by uploading a .php file. |
| CVE-2018-10375 | | Cri | 0.64 | 9.8 | 0.01 | | Apr 25, 2018 | A file uploading vulnerability exists in /include/helpers/upload.helper.php in DedeCMS V5.7 SP2, which can be utilized by attackers to upload and execute arbitrary PHP code via the /dede/archives_do.php?dopost=uploadLitpic litpic parameter when "Content-Type: image/jpeg" is… |
| CVE-2018-9175 | | Cri | 0.64 | 9.8 | 0.02 | | Apr 2, 2018 | DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via the egroup parameter to uploads/dede/stepselect_main.php because code within the database is accessible to uploads/dede/sys_cache_up.php. |
| CVE-2018-9174 | | Cri | 0.64 | 9.8 | 0.01 | | Apr 2, 2018 | sys_verifies.php in DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via the refiles array parameter, because the contents of modifytmp.inc are under an attacker's control. |
| CVE-2017-17730 | | Cri | 0.64 | 9.8 | 0.01 | | Dec 18, 2017 | DedeCMS through 5.7 has SQL Injection via the logo parameter to plus/flink_add.php. |
| CVE-2018-7700 | | Hig | 0.63 | 8.8 | 0.75 | | Mar 27, 2018 | DedeCMS 5.7 has CSRF with an impact of arbitrary code execution, because the partcode parameter in a tag_test_action.php request can specify a runphp field in conjunction with PHP code. |
| CVE-2018-16785 | | Hig | 0.57 | 8.8 | 0.02 | | Sep 19, 2018 | XML injection vulnerability exists in the file of DedeCMS V5.7 SP2 version, which can be utilized by attackers to create script file to obtain webshell |
| CVE-2018-9134 | | Hig | 0.57 | 8.8 | 0.01 | | Mar 30, 2018 | file_manage_control.php in DedeCMS 5.7 has CSRF in an fmdo=rename action, as demonstrated by renaming an arbitrary file under uploads/userup to a .php file under the web root to achieve PHP code execution. This uses the oldfilename and newfilename parameters. |
| CVE-2017-17727 | | Hig | 0.57 | 8.8 | 0.01 | | Dec 18, 2017 | DedeCMS through 5.6 allows arbitrary file upload and PHP code execution by embedding the PHP code in a .jpg file, which is used in the templet parameter to member/article_edit.php. |
| CVE-2018-6910 | | Hig | 0.50 | 7.5 | 0.19 | | Feb 13, 2018 | DedeCMS 5.7 allows remote attackers to discover the full path via a direct request for include/downmix.inc.php or inc/inc_archives_functions.php. |
| CVE-2018-12046 | | Hig | 0.49 | 7.5 | 0.01 | | Jun 8, 2018 | DedeCMS through 5.7SP2 allows arbitrary file write in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=newfile request with name and str parameters, as demonstrated by writing to a new .php file. |
| CVE-2026-10608 | | Hig | 0.47 | 7.3 | 0.00 | | Jun 2, 2026 | A security flaw has been discovered in DedeCMS 5.7.88. This affects the function RemoveXSS of the file /plus/carbuyaction.php. The manipulation of the argument postname/des results in sql injection. The attack may be launched remotely. The exploit has been released to the public… |
| CVE-2026-10607 | | Hig | 0.47 | 7.3 | 0.00 | | Jun 2, 2026 | A vulnerability was identified in DedeCMS 5.7.88. The impacted element is the function dede_htmlspecialchars of the file /plus/flink.php. The manipulation of the argument msg leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and… |
| CVE-2026-10606 | | Hig | 0.47 | 7.3 | 0.00 | | Jun 2, 2026 | A vulnerability was determined in DedeCMS 5.7.88. The affected element is the function TrimMsg of the file /plus/feedback.php of the component Feedback Handler. Executing a manipulation of the argument msg can lead to sql injection. The attack can be launched remotely. The… |
| CVE-2018-16784 | | Hig | 0.47 | 7.2 | 0.02 | | Sep 21, 2018 | DedeCMS 5.7 SP2 allows XML injection, and resultant remote code execution, via a "<file type='file' name='../" substring. |
| CVE-2026-10581 | | Med | 0.41 | 6.3 | 0.00 | | Jun 2, 2026 | A flaw has been found in DedeCMS 5.7.88. Affected by this vulnerability is the function base64_decode of the file /plus/download.php?open=1. This manipulation of the argument Link causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has… |
| CVE-2025-15004 | | Med | 0.41 | 6.3 | 0.00 | | Dec 22, 2025 | A vulnerability was identified in DedeCMS up to 5.7.118. This impacts an unknown function of the file /freelist_main.php. The manipulation of the argument orderby leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might… |
| CVE-2018-16786 | | Med | 0.40 | 6.1 | 0.01 | | Sep 21, 2018 | DedeCMS 5.7 SP2 allows XSS via an onhashchange attribute in the msg parameter to /plus/feedback_ajax.php. |
| CVE-2025-6335 | | Med | 0.31 | 4.7 | 0.07 | | Jun 20, 2025 | A vulnerability was found in DedeCMS up to 5.7.2 and classified as critical. This issue affects some unknown processing of the file /include/dedetag.class.php of the component Template Handler. The manipulation of the argument notes leads to command injection. The attack may be… |
| CVE-2023-3578 | | | 0.06 | — | 0.03 | | Jul 10, 2023 | A vulnerability classified as critical was found in DedeCMS 5.7.109. Affected by this vulnerability is an unknown functionality of the file co_do.php. The manipulation of the argument rssurl leads to server-side request forgery. The exploit has been disclosed to the public and… |
| CVE-2015-4553 | | | 0.06 | — | 0.57 | | Jan 6, 2020 | A file upload issue exists in DeDeCMS before 5.7-sp1, which allows malicious users getshell. |
| CVE-2018-20129 | | | 0.06 | — | 0.08 | | Dec 13, 2018 | An issue was discovered in DedeCMS V5.7 SP2. uploads/include/dialog/select_images_post.php allows remote attackers to upload and execute arbitrary PHP code via a double extension and a modified ".php" substring, in conjunction with the image/jpeg content type, as demonstrated by… |
| CVE-2023-2928 | | | 0.05 | — | 0.51 | | May 27, 2023 | A vulnerability was found in DedeCMS up to 5.7.106. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file uploads/dede/article_allowurl_edit.php. The manipulation of the argument allurls leads to code injection. The attack can… |
| CVE-2020-27533 | | | 0.03 | — | 0.03 | | Oct 22, 2020 | A Cross Site Scripting (XSS) issue was discovered in the search feature of DedeCMS v.5.8 that allows malicious users to inject code into web pages, and other users will be affected when viewing web pages. |
| CVE-2011-5200 | | | 0.03 | — | 0.02 | | Sep 23, 2012 | Multiple SQL injection vulnerabilities in DeDeCMS, possibly 5.6, allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) list.php, (2) members.php, or (3) book.php. |
| CVE-2009-3806 | | | 0.03 | — | 0.03 | | Oct 27, 2009 | SQL injection vulnerability in feedback_js.php in DedeCMS 5.1 allows remote attackers to execute arbitrary SQL commands via the arcurl parameter. |
| CVE-2024-57241 | | | 0.02 | — | 0.01 | | Feb 11, 2025 | Dedecms 5.71sp1 and earlier is vulnerable to URL redirect. In the web application, a logic error does not judge the input GET request resulting in URL redirection. |
| CVE-2019-8933 | | | 0.02 | — | 0.03 | | Feb 19, 2019 | In DedeCMS 5.7SP2, attackers can upload a .php file to the uploads/ directory (without being blocked by the Web Application Firewall), and then execute this file, via this sequence of steps: visiting the management page, clicking on the template, clicking on Default Template… |
| CVE-2023-36298 | | | 0.01 | — | 0.01 | | Aug 3, 2023 | DedeCMS v5.7.109 has a File Upload vulnerability, leading to remote code execution (RCE). |
| CVE-2022-44118 | | | 0.01 | — | 0.02 | | Nov 23, 2022 | dedecmdv6 v6.1.9 is vulnerable to Remote Code Execution (RCE) via file_manage_control.php. |
| CVE-2022-35516 | | | 0.01 | — | 0.02 | | Aug 17, 2022 | DedeCMS v5.7.93 - v5.7.96 was discovered to contain a remote code execution vulnerability in login.php. |
| CVE-2022-34531 | | | 0.01 | — | 0.23 | | Jul 29, 2022 | DedeCMS v5.7.95 was discovered to contain a remote code execution (RCE) vulnerability via the component mytag_ main.php. |
| CVE-2022-23337 | | | 0.01 | — | 0.02 | | Feb 14, 2022 | DedeCMS v5.7.87 was discovered to contain a SQL injection vulnerability in article_coonepage_rule.php via the ids parameter. |
| CVE-2018-18608 | | | 0.01 | — | 0.03 | | Oct 23, 2018 | DedeCMS 5.7 SP2 allows XSS via the function named GetPageList defined in the include/datalistcp.class.php file that is used to display the page numbers list at the bottom of some templates, as demonstrated by the PATH_INFO to /member/index.php, /member/pm.php,… |
| CVE-2026-29839 | | | 0.00 | — | 0.00 | | Mar 24, 2026 | DedeCMS v5.7.118 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability in /sys_task_add.php. |
| CVE-2026-30694 | | | 0.00 | — | 0.01 | | Mar 19, 2026 | An issue in DedeCMS v.5.7.118 and before allows a remote attacker to execute arbitrary code via the array_filter component |
| CVE-2024-30855 | | | 0.00 | — | 0.00 | | Dec 29, 2025 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /src/dede/makehtml_list_action.php. |
| CVE-2025-5137 | | | 0.00 | — | 0.00 | | May 25, 2025 | A vulnerability was found in DedeCMS 5.7.117. It has been classified as critical. Affected is an unknown function of the file dede/sys_verifies.php?action=getfiles of the component Incomplete Fix CVE-2018-9175. The manipulation of the argument refiles leads to code injection. It… |
| CVE-2024-12183 | | | 0.00 | — | 0.00 | | Dec 4, 2024 | A vulnerability, which was classified as problematic, was found in DedeCMS 5.7.116. This affects the function RemoveXSS of the file /plus/carbuyaction.php of the component HTTP POST Request Handler. The manipulation leads to cross site scripting. It is possible to initiate the… |
| CVE-2024-12182 | | | 0.00 | — | 0.00 | | Dec 4, 2024 | A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7.116. Affected by this issue is some unknown functionality of the file /member/soft_add.php. The manipulation of the argument body leads to cross site scripting. The attack may be launched… |
| CVE-2024-12181 | | | 0.00 | — | 0.00 | | Dec 4, 2024 | A vulnerability classified as problematic was found in DedeCMS 5.7.116. Affected by this vulnerability is an unknown functionality of the file /member/uploads_add.php of the component SWF File Handler. The manipulation of the argument mediatype leads to cross site scripting. The… |
| CVE-2024-12180 | | | 0.00 | — | 0.00 | | Dec 4, 2024 | A vulnerability classified as problematic has been found in DedeCMS 5.7.116. Affected is an unknown function of the file /member/article_add.php. The manipulation of the argument body leads to cross site scripting. It is possible to launch the attack remotely. The exploit has… |
| CVE-2024-11138 | | | 0.00 | — | 0.02 | | Nov 12, 2024 | A vulnerability classified as problematic has been found in DedeCMS 5.7.116. This affects an unknown part of the file /dede/uploads/dede/friendlink_add.php. The manipulation of the argument logoimg leads to unrestricted upload. It is possible to initiate the attack remotely. The… |
| CVE-2024-9076 | | | 0.00 | — | 0.21 | | Sep 22, 2024 | A vulnerability was found in DedeCMS up to 5.7.115. It has been rated as critical. This issue affects some unknown processing of the file /dede/article_string_mix.php. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been… |
| CVE-2024-46373 | | | 0.00 | — | 0.00 | | Sep 18, 2024 | Dedecms V5.7.115 contains an arbitrary code execution via file upload vulnerability in the backend. |
| CVE-2024-46372 | | | 0.00 | — | 0.00 | | Sep 18, 2024 | DedeCMS 5.7.115 is vulnerable to Cross Site Scripting (XSS) via the advertisement code box in the advertisement management module. |
| CVE-2024-42636 | | | 0.00 | — | 0.01 | | Aug 23, 2024 | DedeCMS V5.7.115 has a command execution vulnerability via file_manage_view.php?fmdo=newfile&activepath. |
Page 1 of 4