Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dedecms dedecms vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2020-36497
DedeCMS v7.5 SP2 exists to contain multiple cross-site scripting (XSS) vulnerabilities in the component makehtml_homepage.php via the `filename`, `mid`, `userid`, and `templet' parameters.
Dedecms Dedecms 7.5
605
VMScore
CVE-2018-7700
DedeCMS 5.7 has CSRF with an impact of arbitrary code execution, because the partcode parameter in a tag_test_action.php request can specify a runphp field in conjunction with PHP code.
Dedecms Dedecms 5.7
1 Github repository
447
VMScore
CVE-2018-6910
DedeCMS 5.7 allows remote malicious users to discover the full path via a direct request for include/downmix.inc.php or inc/inc_archives_functions.php.
Dedecms Dedecms 5.7
NA
CVE-2022-43192
An arbitrary file upload vulnerability in the component /dede/file_manage_control.php of Dedecms v5.7.101 allows malicious users to execute arbitrary code via a crafted PHP file. This vulnerability is related to an incomplete fix for CVE-2022-40886.
Dedecms Dedecms 5.7.101
490
VMScore
CVE-2022-30508
DedeCMS v5.7.93 exists to contain arbitrary file deletion vulnerability in upload.php via the delete parameter.
Dedecms Dedecms 5.7.93
668
VMScore
CVE-2018-10375
A file uploading vulnerability exists in /include/helpers/upload.helper.php in DedeCMS V5.7 SP2, which can be utilized by malicious users to upload and execute arbitrary PHP code via the /dede/archives_do.php?dopost=uploadLitpic litpic parameter when "Content-Type: image/jpe...
Dedecms Dedecms 5.7
NA
CVE-2022-48140
DedeCMS v5.7.97 exists to contain a cross-site scripting (XSS) vulnerability in the component /file_manage_view.php?fmdo=edit&filename.
Dedecms Dedecms 5.7.97
668
VMScore
CVE-2020-22198
SQL Injection vulnerability in DedeCMS 5.7 via mdescription parameter to member/ajax_membergroup.php.
Dedecms Dedecms 5.7
312
VMScore
CVE-2020-36490
DedeCMS v7.5 SP2 exists to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_view.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.
Dedecms Dedecms 7.5
605
VMScore
CVE-2009-2270
Unrestricted file upload vulnerability in member/uploads_edit.php in dedecms 5.3 allows remote malicious users to execute arbitrary code by uploading a file with a double extension in the filename, then accessing this file via unspecified vectors, as demonstrated by a .jpg.php fi...
Dedecms Dedecms 5.3
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »