Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dedecms dedecms 5.7 vulnerabilities and exploits
(subscribe to this query)
446
VMScore
CVE-2019-8362
DedeCMS through V5.7SP2 allows arbitrary file upload in dede/album_edit.php or dede/album_add.php, as demonstrated by a dede/album_edit.php?dopost=save&formzip=1 request with a ZIP archive that contains a file such as "1.jpg.php" (because input validation only check...
Dedecms Dedecms 5.7
Dedecms Dedecms
668
VMScore
CVE-2018-12045
DedeCMS through V5.7SP2 allows arbitrary file upload in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=upload request with an upfile1 parameter, as demonstrated by uploading a .php file.
Dedecms Dedecms 5.7
Dedecms Dedecms
445
VMScore
CVE-2018-12046
DedeCMS up to and including 5.7SP2 allows arbitrary file write in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=newfile request with name and str parameters, as demonstrated by writing to a new .php file.
Dedecms Dedecms
Dedecms Dedecms 5.7
655
VMScore
CVE-2015-4553
A file upload issue exists in DeDeCMS prior to 5.7-sp1, which allows malicious users getshell.
Dedecms Dedecms
Dedecms Dedecms 5.7
1 EDB exploit
668
VMScore
CVE-2018-19061
DedeCMS 5.7 SP2 has SQL Injection via the dede\co_do.php ids parameter.
Dedecms Dedecms 5.7
578
VMScore
CVE-2018-16784
DedeCMS 5.7 SP2 allows XML injection, and resultant remote code execution, via a "<file type='file' name='../" substring.
Dedecms Dedecms 5.7
578
VMScore
CVE-2018-16785
XML injection vulnerability exists in the file of DedeCMS V5.7 SP2 version, which can be utilized by malicious users to create script file to obtain webshell
Dedecms Dedecms 5.7
383
VMScore
CVE-2018-16786
DedeCMS 5.7 SP2 allows XSS via an onhashchange attribute in the msg parameter to /plus/feedback_ajax.php.
Dedecms Dedecms 5.7
578
VMScore
CVE-2019-6289
uploads/include/dialog/select_soft.php in DedeCMS V57_UTF8_SP2 allows remote malicious users to execute arbitrary PHP code by uploading with a safe file extension and then renaming with a mixed-case variation of the .php extension, as demonstrated by the 1.pHP filename.
Dedecms Dedecms 5.7
447
VMScore
CVE-2018-6910
DedeCMS 5.7 allows remote malicious users to discover the full path via a direct request for include/downmix.inc.php or inc/inc_archives_functions.php.
Dedecms Dedecms 5.7
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3201
CVE-2024-4779
CVE-2024-35090
CVE-2024-5084
hard-coded
CVE-2024-4985
HTML injection
CVE-2024-33655
local file inclusion
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »