Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dedecms dedecms 5.7 vulnerabilities and exploits
(subscribe to this query)
578
VMScore
CVE-2019-6289
uploads/include/dialog/select_soft.php in DedeCMS V57_UTF8_SP2 allows remote malicious users to execute arbitrary PHP code by uploading with a safe file extension and then renaming with a mixed-case variation of the .php extension, as demonstrated by the 1.pHP filename.
Dedecms Dedecms 5.7
605
VMScore
CVE-2018-7700
DedeCMS 5.7 has CSRF with an impact of arbitrary code execution, because the partcode parameter in a tag_test_action.php request can specify a runphp field in conjunction with PHP code.
Dedecms Dedecms 5.7
1 Github repository
356
VMScore
CVE-2019-10014
In DedeCMS 5.7SP2, member/resetpassword.php allows remote authenticated users to reset the passwords of arbitrary users via a modified id parameter, because the key parameter is not properly validated.
Dedecms Dedecms 5.7
668
VMScore
CVE-2020-22198
SQL Injection vulnerability in DedeCMS 5.7 via mdescription parameter to member/ajax_membergroup.php.
Dedecms Dedecms 5.7
605
VMScore
CVE-2018-9134
file_manage_control.php in DedeCMS 5.7 has CSRF in an fmdo=rename action, as demonstrated by renaming an arbitrary file under uploads/userup to a .php file under the web root to achieve PHP code execution. This uses the oldfilename and newfilename parameters.
Dedecms Dedecms 5.7
668
VMScore
CVE-2018-9174
sys_verifies.php in DedeCMS 5.7 allows remote malicious users to execute arbitrary PHP code via the refiles array parameter, because the contents of modifytmp.inc are under an attacker's control.
Dedecms Dedecms 5.7
668
VMScore
CVE-2018-9175
DedeCMS 5.7 allows remote malicious users to execute arbitrary PHP code via the egroup parameter to uploads/dede/stepselect_main.php because code within the database is accessible to uploads/dede/sys_cache_up.php.
Dedecms Dedecms 5.7
668
VMScore
CVE-2020-18114
An arbitrary file upload vulnerability in the /uploads/dede component of DedeCMS V5.7SP2 allows malicious users to upload a webshell in HTM format.
Dedecms Dedecms 5.7
605
VMScore
CVE-2020-18917
The plus/search.php component in DedeCMS 5.7 SP2 allows remote malicious users to execute arbitrary PHP code via the typename parameter because the contents of typename.inc are under an attacker's control.
Dedecms Dedecms 5.7
668
VMScore
CVE-2018-19061
DedeCMS 5.7 SP2 has SQL Injection via the dede\co_do.php ids parameter.
Dedecms Dedecms 5.7
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
brute force
CVE-2024-24908
open redirect
CVE-2024-31497
CVE-2023-45866
CVE-2024-4135
CVE-2024-25523
cache poisoning
CVE-2024-4649
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »