Vulmon
dedecms dedecms 5.7 vulnerabilities and exploits
8.8
CVSSv3
CVE-2018-20129
An issue exists in DedeCMS V5.7 SP2. uploads/include/dialog/select_images_post.php allows remote malicious users to upload and execute arbitrary PHP code via a double extension and a modified ".php" substring, in conjunction with the image/jpeg content type, as demonstr...
Dedecms Dedecms 5.7
9.8
CVSSv3
CVE-2018-19061
DedeCMS 5.7 SP2 has SQL Injection via the dede\co_do.php ids parameter.
Dedecms Dedecms 5.7
6.1
CVSSv3
CVE-2018-18782
Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/myfriend.php ftype parameter.
Dedecms Dedecms 5.7
6.1
CVSSv3
CVE-2018-18781
DedeCMS 5.7 SP2 allows XSS via the /member/uploads_select.php f or keyword parameter.
Dedecms Dedecms 5.7
6.1
CVSSv3
CVE-2018-18608
DedeCMS 5.7 SP2 allows XSS via the function named GetPageList defined in the include/datalistcp.class.php file that is used to display the page numbers list at the bottom of some templates, as demonstrated by the PATH_INFO to /member/index.php, /member/pm.php, /member/content_lis...
Dedecms Dedecms 5.7
6.1
CVSSv3
CVE-2018-18579
Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/pm.php folder parameter.
Dedecms Dedecms 5.7
6.1
CVSSv3
CVE-2018-18578
DedeCMS 5.7 SP2 allows XSS via the plus/qrcode.php type parameter.
Dedecms Dedecms 5.7
7.2
CVSSv3
CVE-2018-16784
DedeCMS 5.7 SP2 allows XML injection, and resultant remote code execution, via a "<file type='file' name='../" substring.
Dedecms Dedecms 5.7
6.1
CVSSv3
CVE-2018-16786
DedeCMS 5.7 SP2 allows XSS via an onhashchange attribute in the msg parameter to /plus/feedback_ajax.php.
Dedecms Dedecms 5.7
8.8
CVSSv3
CVE-2018-16785
An XML injection vulnerability exists in the file of DedeCMS V5.7 SP2 version, which can be utilized by malicious users to create a script file to obtain a webshell.
Dedecms Dedecms 5.7