Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dedecms dedecms vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-46442
dedecms <=V5.7.102 is vulnerable to SQL Injection. In sys_ sql_ n query.php there are no restrictions on the sql query.
Dedecms Dedecms
NA
CVE-2023-34842
Remote Code Execution vulnerability in DedeCMS up to and including 5.7.109 allows remote malicious users to run arbitrary code via crafted POST request to /dede/tpl.php.
Dedecms Dedecms
NA
CVE-2023-5022
A vulnerability has been found in DedeCMS up to 5.7.100 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /include/dialog/select_templets_post.php. The manipulation of the argument activepath leads to absolute path traversal. The a...
Dedecms Dedecms
NA
CVE-2023-40874
DedeCMS up to and including 5.7.110 exists to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/vote_add.php via the votename and voteitem1 parameters.
Dedecms Dedecms
NA
CVE-2023-40875
DedeCMS up to and including 5.7.110 exists to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/vote_edit.php via the votename and votenote parameters.
Dedecms Dedecms
NA
CVE-2023-40876
DedeCMS up to and including 5.7.110 exists to contain a cross-site scripting (XSS) vulnerability at /dede/freelist_add.php via the title parameter.
Dedecms Dedecms
NA
CVE-2023-40877
DedeCMS up to and including 5.7.110 exists to contain a cross-site scripting (XSS) vulnerability at /dede/freelist_edit.php via the title parameter.
Dedecms Dedecms
NA
CVE-2023-27707
SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote malicious user to execute arbitrary code via the rank_* parameter in the /dede/group_store.php endpoint.
Dedecms Dedecms
NA
CVE-2023-27709
SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote malicious user to execute arbitrary code via the rank_* parameter in the /dedestory_catalog.php endpoint.
Dedecms Dedecms
6.8
CVSSv2
CVE-2017-17727
DedeCMS up to and including 5.6 allows arbitrary file upload and PHP code execution by embedding the PHP code in a .jpg file, which is used in the templet parameter to member/article_edit.php.
Dedecms Dedecms
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »