Dedecms

All CVEs

170 total · sorted by risk
  • CVE-2020-36493 · Oct 22, 2021
    risk 0.00 · cvss · epss 0.01

    DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component media_main.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.

  • CVE-2020-36494 · Oct 22, 2021
    risk 0.00 · cvss · epss 0.01

    DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component mychannel_edit.php via the `filename`, `mid`, `userid`, and `templet` parameters.

  • CVE-2020-36495 · Oct 22, 2021
    risk 0.00 · cvss · epss 0.01

    DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_view.php via the `filename`, `mid`, `userid`, and `templet` parameters.

  • CVE-2020-36496 · Oct 22, 2021
    risk 0.00 · cvss · epss 0.01

    DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component sys_admin_user_edit.php via the `filename`, `mid`, `userid`, and `templet` parameters.

  • CVE-2020-36497 · Oct 22, 2021
    risk 0.00 · cvss · epss 0.01

    DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component makehtml_homepage.php via the `filename`, `mid`, `userid`, and `templet` parameters.

  • CVE-2020-18114 · Aug 27, 2021
    risk 0.00 · cvss · epss 0.02

    An arbitrary file upload vulnerability in the /uploads/dede component of DedeCMS V5.7SP2 allows attackers to upload a webshell in HTM format.

  • CVE-2020-18917 · Aug 24, 2021
    risk 0.00 · cvss · epss 0.01

    The plus/search.php component in DedeCMS 5.7 SP2 allows remote attackers to execute arbitrary PHP code via the typename parameter because the contents of typename.inc are under an attacker's control.

  • CVE-2020-22198 · Jun 16, 2021
    risk 0.00 · cvss · epss 0.02

    SQL Injection vulnerability in DedeCMS 5.7 via mdescription parameter to member/ajax_membergroup.php.

  • CVE-2020-16632 · May 14, 2021
    risk 0.00 · cvss · epss 0.01

    An XSS vulnerability in /uploads/dede/action_search.php in DedeCMS V5.7 SP2 allows an authenticated user to execute remote arbitrary code via the keyword parameter.

  • CVE-2021-32073 · May 14, 2021
    risk 0.00 · cvss · epss 0.01

    DedeCMS V5.7 SP2 contains a CSRF vulnerability that allows a remote attacker to send a malicious request to the web manager, allowing remote code execution.

  • CVE-2019-10014 · Mar 24, 2019
    risk 0.00 · cvss · epss 0.01

    In DedeCMS 5.7SP2, member/resetpassword.php allows remote authenticated users to reset the passwords of arbitrary users via a modified id parameter, because the key parameter is not properly validated.

  • CVE-2019-8362 · Feb 16, 2019
    risk 0.00 · cvss · epss 0.01

    DedeCMS through V5.7SP2 allows arbitrary file upload in dede/album_edit.php or dede/album_add.php, as demonstrated by a dede/album_edit.php?dopost=save&formzip=1 request with a ZIP archive that contains a file such as "1.jpg.php" (because input validation only checks that .jpg,…

  • CVE-2019-6289 · Jan 15, 2019
    risk 0.00 · cvss · epss 0.02

    uploads/include/dialog/select_soft.php in DedeCMS V57_UTF8_SP2 allows remote attackers to execute arbitrary PHP code by uploading with a safe file extension and then renaming with a mixed-case variation of the .php extension, as demonstrated by the 1.pHP filename.

  • CVE-2018-19061 · Nov 7, 2018
    risk 0.00 · cvss · epss 0.02

    DedeCMS 5.7 SP2 has SQL Injection via the dede\co_do.php ids parameter.

  • CVE-2018-18782 · Oct 29, 2018
    risk 0.00 · cvss · epss 0.01

    Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/myfriend.php ftype parameter.

  • CVE-2018-18781 · Oct 29, 2018
    risk 0.00 · cvss · epss 0.01

    DedeCMS 5.7 SP2 allows XSS via the /member/uploads_select.php f or keyword parameter.

  • CVE-2018-18578 · Oct 22, 2018
    risk 0.00 · cvss · epss 0.01

    DedeCMS 5.7 SP2 allows XSS via the plus/qrcode.php type parameter.

  • CVE-2018-18579 · Oct 22, 2018
    risk 0.00 · cvss · epss 0.01

    Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/pm.php folder parameter.

  • CVE-2010-1097 · Mar 24, 2010
    risk 0.00 · cvss · epss 0.01

    include/userlogin.class.php in DeDeCMS 5.5 GBK, when session.auto_start is enabled, allows remote attackers to bypass authentication and gain administrative access via a value of 1 for the _SESSION[dede_admin_id] parameter, as demonstrated by a request to…

  • CVE-2009-2270 · Jul 1, 2009
    risk 0.00 · cvss · epss 0.02

    Unrestricted file upload vulnerability in member/uploads_edit.php in dedecms 5.3 allows remote attackers to execute arbitrary code by uploading a file with a double extension in the filename, then accessing this file via unspecified vectors, as demonstrated by a .jpg.php…
