Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dedecms vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-40784
DedeCMS 5.7.102 has a File Upload vulnerability via uploads/dede/module_make.php.
Dedecms Dedecms 5.7.102
8.8
CVSSv3
CVE-2019-6289
uploads/include/dialog/select_soft.php in DedeCMS V57_UTF8_SP2 allows remote malicious users to execute arbitrary PHP code by uploading with a safe file extension and then renaming with a mixed-case variation of the .php extension, as demonstrated by the 1.pHP filename.
Dedecms Dedecms 5.7
9.8
CVSSv3
CVE-2023-37839
An arbitrary file upload vulnerability in /dede/file_manage_control.php of DedeCMS v5.7.109 allows malicious users to execute arbitrary code via uploading a crafted PHP file.
Dedecms Dedecms 5.7.109
8.8
CVSSv3
CVE-2019-8933
In DedeCMS 5.7SP2, attackers can upload a .php file to the uploads/ directory (without being blocked by the Web Application Firewall), and then execute this file, via this sequence of steps: visiting the management page, clicking on the template, clicking on Default Template Mana...
Dedecms Dedecms 5.7
8.8
CVSSv3
CVE-2018-20129
An issue exists in DedeCMS V5.7 SP2. uploads/include/dialog/select_images_post.php allows remote malicious users to upload and execute arbitrary PHP code via a double extension and a modified ".php" substring, in conjunction with the image/jpeg content type, as demonstr...
Dedecms Dedecms 5.7
8.8
CVSSv3
CVE-2023-2424
A vulnerability was found in DedeCMS 5.7.106 and classified as critical. Affected by this issue is the function UpDateMemberModCache of the file uploads/dede/config.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been discl...
Dedecms Dedecms 5.7.106
5.4
CVSSv3
CVE-2020-16632
A XSS Vulnerability in /uploads/dede/action_search.php in DedeCMS V5.7 SP2 allows an authenticated user to execute remote arbitrary code via the keyword parameter.
Dedecms Dedecms 5.7
8.8
CVSSv3
CVE-2023-36298
DedeCMS v5.7.109 has a File Upload vulnerability, leading to remote code execution (RCE).
Dedecms Dedecms 5.7.109
7.2
CVSSv3
CVE-2023-27733
DedeCMS v5.7.106 exists to contain a SQL injection vulnerability via the component /dede/sys_sql_query.php.
Dedecms Dedecms 5.7.106
6.1
CVSSv3
CVE-2022-36583
DedeCMS V5.7.97 exists to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/co_do.php via the dopost, rpok, and aid parameters.
Dedecms Dedecms 5.7.97
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »