Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dedecms dedecms vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2017-17727
DedeCMS up to and including 5.6 allows arbitrary file upload and PHP code execution by embedding the PHP code in a .jpg file, which is used in the templet parameter to member/article_edit.php.
Dedecms Dedecms
7.5
CVSSv2
CVE-2017-17730
DedeCMS up to and including 5.7 has SQL Injection via the logo parameter to plus/flink_add.php.
Dedecms Dedecms
7.5
CVSSv2
CVE-2009-3806
SQL injection vulnerability in feedback_js.php in DedeCMS 5.1 allows remote malicious users to execute arbitrary SQL commands via the arcurl parameter.
Dedecms Dedecms 5.1
1 EDB exploit
7.5
CVSSv2
CVE-2011-5200
Multiple SQL injection vulnerabilities in DeDeCMS, possibly 5.6, allow remote malicious users to execute arbitrary SQL commands via the id parameter to (1) list.php, (2) members.php, or (3) book.php.
Dedecms Dedecms 5.6
1 EDB exploit
6.8
CVSSv2
CVE-2009-2270
Unrestricted file upload vulnerability in member/uploads_edit.php in dedecms 5.3 allows remote malicious users to execute arbitrary code by uploading a file with a double extension in the filename, then accessing this file via unspecified vectors, as demonstrated by a .jpg.php fi...
Dedecms Dedecms 5.3
5.5
CVSSv2
CVE-2022-30508
DedeCMS v5.7.93 exists to contain arbitrary file deletion vulnerability in upload.php via the delete parameter.
Dedecms Dedecms 5.7.93
6.8
CVSSv2
CVE-2018-9134
file_manage_control.php in DedeCMS 5.7 has CSRF in an fmdo=rename action, as demonstrated by renaming an arbitrary file under uploads/userup to a .php file under the web root to achieve PHP code execution. This uses the oldfilename and newfilename parameters.
Dedecms Dedecms 5.7
7.5
CVSSv2
CVE-2018-9174
sys_verifies.php in DedeCMS 5.7 allows remote malicious users to execute arbitrary PHP code via the refiles array parameter, because the contents of modifytmp.inc are under an attacker's control.
Dedecms Dedecms 5.7
NA
CVE-2023-5301
A vulnerability classified as critical was found in DedeCMS 5.7.111. This vulnerability affects the function AddMyAddon of the file album_add.php. The manipulation of the argument albumUploadFiles leads to os command injection. The attack can be initiated remotely. The exploit ha...
Dedecms Dedecms 5.7.111
6.5
CVSSv2
CVE-2018-16785
XML injection vulnerability exists in the file of DedeCMS V5.7 SP2 version, which can be utilized by malicious users to create script file to obtain webshell
Dedecms Dedecms 5.7
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »