Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dedecms vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2020-36495
DedeCMS v7.5 SP2 exists to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_view.php via the `filename`, `mid`, `userid`, and `templet' parameters.
Dedecms Dedecms 7.5
6.1
CVSSv3
CVE-2020-36496
DedeCMS v7.5 SP2 exists to contain multiple cross-site scripting (XSS) vulnerabilities in the component sys_admin_user_edit.php via the `filename`, `mid`, `userid`, and `templet' parameters.
Dedecms Dedecms 7.5
6.1
CVSSv3
CVE-2020-36497
DedeCMS v7.5 SP2 exists to contain multiple cross-site scripting (XSS) vulnerabilities in the component makehtml_homepage.php via the `filename`, `mid`, `userid`, and `templet' parameters.
Dedecms Dedecms 7.5
5.4
CVSSv3
CVE-2020-23044
DedeCMS v7.5 SP2 exists to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_pic_view.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.
Dedecms Dedecms 7.5
6.1
CVSSv3
CVE-2020-23046
DedeCMS v7.5 SP2 exists to contain multiple cross-site scripting (XSS) vulnerabilities in the component tpl.php via the `filename`, `mid`, `userid`, and `templet' parameters.
Dedecms Dedecms 7.5
9.8
CVSSv3
CVE-2020-18114
An arbitrary file upload vulnerability in the /uploads/dede component of DedeCMS V5.7SP2 allows malicious users to upload a webshell in HTM format.
Dedecms Dedecms 5.7
8.8
CVSSv3
CVE-2020-18917
The plus/search.php component in DedeCMS 5.7 SP2 allows remote malicious users to execute arbitrary PHP code via the typename parameter because the contents of typename.inc are under an attacker's control.
Dedecms Dedecms 5.7
9.8
CVSSv3
CVE-2020-22198
SQL Injection vulnerability in DedeCMS 5.7 via mdescription parameter to member/ajax_membergroup.php.
Dedecms Dedecms 5.7
8.8
CVSSv3
CVE-2021-32073
DedeCMS V5.7 SP2 contains a CSRF vulnerability that allows a remote malicious user to send a malicious request to to the web manager allowing remote code execution.
5.4
CVSSv3
CVE-2020-16632
A XSS Vulnerability in /uploads/dede/action_search.php in DedeCMS V5.7 SP2 allows an authenticated user to execute remote arbitrary code via the keyword parameter.
Dedecms Dedecms 5.7
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
XXE
CVE-2024-34490
SQL injection
CVE-2024-34488
CVE-2024-4507
CVE-2023-7028
CVE-2024-23187
TCP
CVE-2024-4439
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »