Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dedecms dedecms vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-27707
SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote malicious user to execute arbitrary code via the rank_* parameter in the /dede/group_store.php endpoint.
Dedecms Dedecms
NA
CVE-2023-27709
SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote malicious user to execute arbitrary code via the rank_* parameter in the /dedestory_catalog.php endpoint.
Dedecms Dedecms
578
VMScore
CVE-2018-16784
DedeCMS 5.7 SP2 allows XML injection, and resultant remote code execution, via a "<file type='file' name='../" substring.
Dedecms Dedecms 5.7
383
VMScore
CVE-2018-18578
DedeCMS 5.7 SP2 allows XSS via the plus/qrcode.php type parameter.
Dedecms Dedecms 5.7
383
VMScore
CVE-2018-18781
DedeCMS 5.7 SP2 allows XSS via the /member/uploads_select.php f or keyword parameter.
Dedecms Dedecms 5.7
383
VMScore
CVE-2018-18782
Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/myfriend.php ftype parameter.
Dedecms Dedecms 5.7
NA
CVE-2024-22895
DedeCMS 5.7.112 has a File Upload vulnerability via uploads/dede/module_upload.php.
Dedecms Dedecms 5.7.112
312
VMScore
CVE-2020-36492
DedeCMS v7.5 SP2 exists to contain multiple cross-site scripting (XSS) vulnerabilities in the component select_media.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.
Dedecms Dedecms 7.5
383
VMScore
CVE-2020-36494
DedeCMS v7.5 SP2 exists to contain multiple cross-site scripting (XSS) vulnerabilities in the component mychannel_edit.php via the `filename`, `mid`, `userid`, and `templet' parameters.
Dedecms Dedecms 7.5
383
VMScore
CVE-2020-36496
DedeCMS v7.5 SP2 exists to contain multiple cross-site scripting (XSS) vulnerabilities in the component sys_admin_user_edit.php via the `filename`, `mid`, `userid`, and `templet' parameters.
Dedecms Dedecms 7.5
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »