dedecms vulnerabilities and exploits
7.2
CVSSv3
CVE-2023-27707
SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote malicious user to execute arbitrary code via the rank_* parameter in the /dede/group_store.php endpoint.
Dedecms Dedecms
9.8
CVSSv3
CVE-2022-35516
DedeCMS v5.7.93 - v5.7.96 contains a remote code execution vulnerability in login.php.
Dedecms Dedecms
8.8
CVSSv3
CVE-2017-17727
DedeCMS up to and including 5.6 allows arbitrary file upload and PHP code execution by embedding the PHP code in a .jpg file, which is used in the templet parameter to member/article_edit.php.
Dedecms Dedecms
9.8
CVSSv3
CVE-2017-17730
DedeCMS up to and including 5.7 has SQL Injection via the logo parameter to plus/flink_add.php.
Dedecms Dedecms
9.8
CVSSv3
CVE-2017-17731
DedeCMS up to and including 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php.
Dedecms Dedecms
9.8
CVSSv3
CVE-2023-34842
Remote Code Execution vulnerability in DedeCMS up to and including 5.7.109 allows remote malicious users to run arbitrary code via a crafted POST request to /dede/tpl.php.
Dedecms Dedecms
9.8
CVSSv3
CVE-2023-2056
A vulnerability was found in DedeCMS up to 5.7.87 and classified as critical. This issue affects the function GetSystemFile of the file module_main.php. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public an...
Dedecms Dedecms
7.2
CVSSv3
CVE-2022-36216
DedeCMS v5.7.94 - v5.7.97 contains a remote code execution vulnerability in member_toadmin.php.
Dedecms Dedecms
7.2
CVSSv3
CVE-2023-27709
SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote malicious user to execute arbitrary code via the rank_* parameter in the /dedestory_catalog.php endpoint.
Dedecms Dedecms
9.8
CVSSv3
CVE-2023-7212
A vulnerability classified as critical has been found in DeDeCMS up to 5.7.112. Affected is an unknown function of the file file_class.php of the component Backend. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been d...
Dedecms Dedecms