Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dedecms dedecms vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2019-8362
DedeCMS through V5.7SP2 allows arbitrary file upload in dede/album_edit.php or dede/album_add.php, as demonstrated by a dede/album_edit.php?dopost=save&formzip=1 request with a ZIP archive that contains a file such as "1.jpg.php" (because input validation only check...
Dedecms Dedecms 5.7
Dedecms Dedecms
9.8
CVSSv3
CVE-2018-12045
DedeCMS through V5.7SP2 allows arbitrary file upload in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=upload request with an upfile1 parameter, as demonstrated by uploading a .php file.
Dedecms Dedecms 5.7
Dedecms Dedecms
7.5
CVSSv3
CVE-2018-12046
DedeCMS up to and including 5.7SP2 allows arbitrary file write in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=newfile request with name and str parameters, as demonstrated by writing to a new .php file.
Dedecms Dedecms
Dedecms Dedecms 5.7
8.8
CVSSv3
CVE-2015-4553
A file upload issue exists in DeDeCMS prior to 5.7-sp1, which allows malicious users getshell.
Dedecms Dedecms
Dedecms Dedecms 5.7
1 EDB exploit
9.8
CVSSv3
CVE-2022-46442
dedecms <=V5.7.102 is vulnerable to SQL Injection. In sys_ sql_ n query.php there are no restrictions on the sql query.
Dedecms Dedecms
8.8
CVSSv3
CVE-2023-2928
A vulnerability was found in DedeCMS up to 5.7.106. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file uploads/dede/article_allowurl_edit.php. The manipulation of the argument allurls leads to code injection. The attack can be...
Dedecms Dedecms
9.8
CVSSv3
CVE-2023-7212
A vulnerability classified as critical has been found in DeDeCMS up to 5.7.112. Affected is an unknown function of the file file_class.php of the component Backend. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been d...
Dedecms Dedecms
5.4
CVSSv3
CVE-2023-40874
DedeCMS up to and including 5.7.110 exists to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/vote_add.php via the votename and voteitem1 parameters.
Dedecms Dedecms
5.4
CVSSv3
CVE-2023-40875
DedeCMS up to and including 5.7.110 exists to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/vote_edit.php via the votename and votenote parameters.
Dedecms Dedecms
5.4
CVSSv3
CVE-2023-40876
DedeCMS up to and including 5.7.110 exists to contain a cross-site scripting (XSS) vulnerability at /dede/freelist_add.php via the title parameter.
Dedecms Dedecms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-26978
CVE-2024-26982
wireless
CVE-2023-6949
CVE-2024-26980
CVE-2024-32766
CVE-2024-26939
cache poisoning
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »