dedecms vulnerabilities and exploits
5.4
CVSSv3
CVE-2023-40877
DedeCMS up to and including 5.7.110 contains a cross-site scripting (XSS) vulnerability at /dede/freelist_edit.php via the title parameter.
Dedecms Dedecms
9.8
CVSSv3
CVE-2023-34842
A remote code execution vulnerability in DedeCMS up to and including 5.7.109 allows remote malicious users to run arbitrary code via a crafted POST request to /dede/tpl.php.
Dedecms Dedecms
8.8
CVSSv3
CVE-2024-22895
DedeCMS 5.7.112 has a File Upload vulnerability via uploads/dede/module_upload.php.
Dedecms Dedecms 5.7.112
9.8
CVSSv3
CVE-2022-23337
DedeCMS v5.7.87 contains a SQL injection vulnerability in article_coonepage_rule.php via the ids parameter.
Dedecms Dedecms 5.7.87
6.1
CVSSv3
CVE-2018-16786
DedeCMS 5.7 SP2 allows XSS via an onhashchange attribute in the msg parameter to /plus/feedback_ajax.php.
Dedecms Dedecms 5.7
9.8
CVSSv3
CVE-2023-37839
An arbitrary file upload vulnerability in /dede/file_manage_control.php of DedeCMS v5.7.109 allows malicious users to execute arbitrary code via uploading a crafted PHP file.
Dedecms Dedecms 5.7.109
NA
CVE-2010-1097
include/userlogin.class.php in DeDeCMS 5.5 GBK, when session.auto_start is enabled, allows remote malicious users to bypass authentication and gain administrative access via a value of 1 for the _SESSION[dede_admin_id] parameter, as demonstrated by a request to uploads/include/di...
Dedecms Dedecms 5.5
7.5
CVSSv3
CVE-2018-6910
DedeCMS 5.7 allows remote malicious users to discover the full path via a direct request for include/downmix.inc.php or inc/inc_archives_functions.php.
Dedecms Dedecms 5.7
9.8
CVSSv3
CVE-2018-10375
A file uploading vulnerability exists in /include/helpers/upload.helper.php in DedeCMS V5.7 SP2, which can be utilized by malicious users to upload and execute arbitrary PHP code via the /dede/archives_do.php?dopost=uploadLitpic litpic parameter when "Content-Type: image/jpe...
Dedecms Dedecms 5.7
5.4
CVSSv3
CVE-2020-23044
DedeCMS v7.5 SP2 contains multiple cross-site scripting (XSS) vulnerabilities in the component file_pic_view.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.
Dedecms Dedecms 7.5