Vulmon
dedecms vulnerabilities and exploits
9.8
CVSSv3
CVE-2023-34842
Remote Code Execution vulnerability in DedeCMS up to and including 5.7.109 allows remote malicious users to run arbitrary code via crafted POST request to /dede/tpl.php.
Dedecms Dedecms
9.8
CVSSv3
CVE-2022-35516
DedeCMS v5.7.93 - v5.7.96 contains a remote code execution vulnerability in login.php.
Dedecms Dedecms
6.1
CVSSv3
CVE-2018-18608
DedeCMS 5.7 SP2 allows XSS via the function named GetPageList defined in the include/datalistcp.class.php file that is used to display the page numbers list at the bottom of some templates, as demonstrated by the PATH_INFO to /member/index.php, /member/pm.php, /member/content_lis...
Dedecms Dedecms 5.7
6.1
CVSSv3
CVE-2018-18782
Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/myfriend.php ftype parameter.
Dedecms Dedecms 5.7
6.1
CVSSv3
CVE-2018-18578
DedeCMS 5.7 SP2 allows XSS via the plus/qrcode.php type parameter.
Dedecms Dedecms 5.7
6.1
CVSSv3
CVE-2018-18579
Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/pm.php folder parameter.
Dedecms Dedecms 5.7
5.3
CVSSv3
CVE-2023-2059
A vulnerability was found in DedeCMS 5.7.87. It has been rated as problematic. Affected by this issue is some unknown functionality of the file uploads/include/dialog/select_templets.php. The manipulation leads to path traversal: '..\filedir'. The attack may be launched...
Dedecms Dedecms 5.7.87
8.8
CVSSv3
CVE-2023-5301
A vulnerability classified as critical was found in DedeCMS 5.7.111. This vulnerability affects the function AddMyAddon of the file album_add.php. The manipulation of the argument albumUploadFiles leads to os command injection. The attack can be initiated remotely. The exploit ha...
Dedecms Dedecms 5.7.111
6.7
CVSSv3
CVE-2022-43192
An arbitrary file upload vulnerability in the component /dede/file_manage_control.php of Dedecms v5.7.101 allows malicious users to execute arbitrary code via a crafted PHP file. This vulnerability is related to an incomplete fix for CVE-2022-40886.
Dedecms Dedecms 5.7.101
9.8
CVSSv3
CVE-2023-37839
An arbitrary file upload vulnerability in /dede/file_manage_control.php of DedeCMS v5.7.109 allows malicious users to execute arbitrary code via uploading a crafted PHP file.
Dedecms Dedecms 5.7.109