Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dedecms dedecms 5.7 vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2015-4553
A file upload issue exists in DeDeCMS prior to 5.7-sp1, which allows malicious users getshell.
Dedecms Dedecms
Dedecms Dedecms 5.7
1 EDB exploit
9.8
CVSSv3
CVE-2018-12045
DedeCMS through V5.7SP2 allows arbitrary file upload in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=upload request with an upfile1 parameter, as demonstrated by uploading a .php file.
Dedecms Dedecms 5.7
Dedecms Dedecms
7.5
CVSSv3
CVE-2018-12046
DedeCMS up to and including 5.7SP2 allows arbitrary file write in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=newfile request with name and str parameters, as demonstrated by writing to a new .php file.
Dedecms Dedecms
Dedecms Dedecms 5.7
7.5
CVSSv3
CVE-2019-8362
DedeCMS through V5.7SP2 allows arbitrary file upload in dede/album_edit.php or dede/album_add.php, as demonstrated by a dede/album_edit.php?dopost=save&formzip=1 request with a ZIP archive that contains a file such as "1.jpg.php" (because input validation only check...
Dedecms Dedecms 5.7
Dedecms Dedecms
6.5
CVSSv3
CVE-2019-10014
In DedeCMS 5.7SP2, member/resetpassword.php allows remote authenticated users to reset the passwords of arbitrary users via a modified id parameter, because the key parameter is not properly validated.
Dedecms Dedecms 5.7
8.8
CVSSv3
CVE-2018-7700
DedeCMS 5.7 has CSRF with an impact of arbitrary code execution, because the partcode parameter in a tag_test_action.php request can specify a runphp field in conjunction with PHP code.
Dedecms Dedecms 5.7
1 Github repository
6.1
CVSSv3
CVE-2018-18579
Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/pm.php folder parameter.
Dedecms Dedecms 5.7
8.8
CVSSv3
CVE-2023-43275
Cross-Site Request Forgery (CSRF) vulnerability in DedeCMS v5.7 in 110 backend management interface via /catalog_add.php, allows malicious users to create crafted web pages due to a lack of verification of the token value of the submitted form.
Dedecms Dedecms 5.7
8.8
CVSSv3
CVE-2018-20129
An issue exists in DedeCMS V5.7 SP2. uploads/include/dialog/select_images_post.php allows remote malicious users to upload and execute arbitrary PHP code via a double extension and a modified ".php" substring, in conjunction with the image/jpeg content type, as demonstr...
Dedecms Dedecms 5.7
6.1
CVSSv3
CVE-2018-18578
DedeCMS 5.7 SP2 allows XSS via the plus/qrcode.php type parameter.
Dedecms Dedecms 5.7
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
firmware
CVE-2023-52866
CVE-2024-4367
CVE-2024-1721
CVE-2023-34992
XML injection
CVE-2023-52817
SQL
CVE-2023-52855
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »