Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dedecms dedecms 5.7 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2018-12045
DedeCMS through V5.7SP2 allows arbitrary file upload in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=upload request with an upfile1 parameter, as demonstrated by uploading a .php file.
Dedecms Dedecms 5.7
Dedecms Dedecms
7.5
CVSSv3
CVE-2018-12046
DedeCMS up to and including 5.7SP2 allows arbitrary file write in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=newfile request with name and str parameters, as demonstrated by writing to a new .php file.
Dedecms Dedecms
Dedecms Dedecms 5.7
9.8
CVSSv3
CVE-2018-10375
A file uploading vulnerability exists in /include/helpers/upload.helper.php in DedeCMS V5.7 SP2, which can be utilized by malicious users to upload and execute arbitrary PHP code via the /dede/archives_do.php?dopost=uploadLitpic litpic parameter when "Content-Type: image/jpe...
Dedecms Dedecms 5.7
9.8
CVSSv3
CVE-2018-9174
sys_verifies.php in DedeCMS 5.7 allows remote malicious users to execute arbitrary PHP code via the refiles array parameter, because the contents of modifytmp.inc are under an attacker's control.
Dedecms Dedecms 5.7
9.8
CVSSv3
CVE-2018-9175
DedeCMS 5.7 allows remote malicious users to execute arbitrary PHP code via the egroup parameter to uploads/dede/stepselect_main.php because code within the database is accessible to uploads/dede/sys_cache_up.php.
Dedecms Dedecms 5.7
8.8
CVSSv3
CVE-2018-9134
file_manage_control.php in DedeCMS 5.7 has CSRF in an fmdo=rename action, as demonstrated by renaming an arbitrary file under uploads/userup to a .php file under the web root to achieve PHP code execution. This uses the oldfilename and newfilename parameters.
Dedecms Dedecms 5.7
8.8
CVSSv3
CVE-2018-7700
DedeCMS 5.7 has CSRF with an impact of arbitrary code execution, because the partcode parameter in a tag_test_action.php request can specify a runphp field in conjunction with PHP code.
Dedecms Dedecms 5.7
1 Github repository
7.5
CVSSv3
CVE-2018-6910
DedeCMS 5.7 allows remote malicious users to discover the full path via a direct request for include/downmix.inc.php or inc/inc_archives_functions.php.
Dedecms Dedecms 5.7
5.3
CVSSv3
CVE-2018-6881
EmpireCMS 6.6 allows remote malicious users to discover the full path via an array value for a parameter to admin/tool/ShowPic.php.
Dedecms Dedecms 5.7
Phome Empirecms 6.6
Phome Empirecms 7.0
Phome Empirecms 7.2
9.8
CVSSv3
CVE-2017-17730
DedeCMS up to and including 5.7 has SQL Injection via the logo parameter to plus/flink_add.php.
Dedecms Dedecms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »