Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dedecms vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2019-8362
DedeCMS through V5.7SP2 allows arbitrary file upload in dede/album_edit.php or dede/album_add.php, as demonstrated by a dede/album_edit.php?dopost=save&formzip=1 request with a ZIP archive that contains a file such as "1.jpg.php" (because input validation only check...
Dedecms Dedecms 5.7
Dedecms Dedecms
7.5
CVSSv2
CVE-2018-12045
DedeCMS through V5.7SP2 allows arbitrary file upload in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=upload request with an upfile1 parameter, as demonstrated by uploading a .php file.
Dedecms Dedecms 5.7
Dedecms Dedecms
5
CVSSv2
CVE-2018-12046
DedeCMS up to and including 5.7SP2 allows arbitrary file write in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=newfile request with name and str parameters, as demonstrated by writing to a new .php file.
Dedecms Dedecms
Dedecms Dedecms 5.7
6.5
CVSSv2
CVE-2015-4553
A file upload issue exists in DeDeCMS prior to 5.7-sp1, which allows malicious users getshell.
Dedecms Dedecms
Dedecms Dedecms 5.7
1 EDB exploit
NA
CVE-2022-35516
DedeCMS v5.7.93 - v5.7.96 exists to contain a remote code execution vulnerability in login.php.
Dedecms Dedecms
NA
CVE-2022-46442
dedecms <=V5.7.102 is vulnerable to SQL Injection. In sys_ sql_ n query.php there are no restrictions on the sql query.
Dedecms Dedecms
NA
CVE-2023-34842
Remote Code Execution vulnerability in DedeCMS up to and including 5.7.109 allows remote malicious users to run arbitrary code via crafted POST request to /dede/tpl.php.
Dedecms Dedecms
NA
CVE-2023-5022
A vulnerability has been found in DedeCMS up to 5.7.100 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /include/dialog/select_templets_post.php. The manipulation of the argument activepath leads to absolute path traversal. The a...
Dedecms Dedecms
NA
CVE-2023-43226
An arbitrary file upload vulnerability in dede/baidunews.php in DedeCMS 5.7.111 and previous versions allows malicious users to execute arbitrary code via uploading a crafted PHP file.
Dedecms Dedecms
NA
CVE-2023-7212
A vulnerability classified as critical has been found in DeDeCMS up to 5.7.112. Affected is an unknown function of the file file_class.php of the component Backend. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been d...
Dedecms Dedecms
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »