Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dedecms dedecms 5.7 vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2019-8933
In DedeCMS 5.7SP2, attackers can upload a .php file to the uploads/ directory (without being blocked by the Web Application Firewall), and then execute this file, via this sequence of steps: visiting the management page, clicking on the template, clicking on Default Template Mana...
Dedecms Dedecms 5.7
8.8
CVSSv3
CVE-2018-20129
An issue exists in DedeCMS V5.7 SP2. uploads/include/dialog/select_images_post.php allows remote malicious users to upload and execute arbitrary PHP code via a double extension and a modified ".php" substring, in conjunction with the image/jpeg content type, as demonstr...
Dedecms Dedecms 5.7
5.4
CVSSv3
CVE-2020-16632
A XSS Vulnerability in /uploads/dede/action_search.php in DedeCMS V5.7 SP2 allows an authenticated user to execute remote arbitrary code via the keyword parameter.
Dedecms Dedecms 5.7
9.8
CVSSv3
CVE-2018-19061
DedeCMS 5.7 SP2 has SQL Injection via the dede\co_do.php ids parameter.
Dedecms Dedecms 5.7
6.5
CVSSv3
CVE-2019-10014
In DedeCMS 5.7SP2, member/resetpassword.php allows remote authenticated users to reset the passwords of arbitrary users via a modified id parameter, because the key parameter is not properly validated.
Dedecms Dedecms 5.7
8.8
CVSSv3
CVE-2018-9134
file_manage_control.php in DedeCMS 5.7 has CSRF in an fmdo=rename action, as demonstrated by renaming an arbitrary file under uploads/userup to a .php file under the web root to achieve PHP code execution. This uses the oldfilename and newfilename parameters.
Dedecms Dedecms 5.7
9.8
CVSSv3
CVE-2018-9174
sys_verifies.php in DedeCMS 5.7 allows remote malicious users to execute arbitrary PHP code via the refiles array parameter, because the contents of modifytmp.inc are under an attacker's control.
Dedecms Dedecms 5.7
9.8
CVSSv3
CVE-2018-9175
DedeCMS 5.7 allows remote malicious users to execute arbitrary PHP code via the egroup parameter to uploads/dede/stepselect_main.php because code within the database is accessible to uploads/dede/sys_cache_up.php.
Dedecms Dedecms 5.7
5.3
CVSSv3
CVE-2018-6881
EmpireCMS 6.6 allows remote malicious users to discover the full path via an array value for a parameter to admin/tool/ShowPic.php.
Dedecms Dedecms 5.7
Phome Empirecms 6.6
Phome Empirecms 7.0
Phome Empirecms 7.2
9.8
CVSSv3
CVE-2017-17730
DedeCMS up to and including 5.7 has SQL Injection via the logo parameter to plus/flink_add.php.
Dedecms Dedecms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »