Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dedecms dedecms 5.7 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2020-18114
An arbitrary file upload vulnerability in the /uploads/dede component of DedeCMS V5.7SP2 allows malicious users to upload a webshell in HTM format.
Dedecms Dedecms 5.7
7.5
CVSSv2
CVE-2020-22198
SQL Injection vulnerability in DedeCMS 5.7 via mdescription parameter to member/ajax_membergroup.php.
Dedecms Dedecms 5.7
7.5
CVSSv2
CVE-2018-19061
DedeCMS 5.7 SP2 has SQL Injection via the dede\co_do.php ids parameter.
Dedecms Dedecms 5.7
7.5
CVSSv2
CVE-2018-12045
DedeCMS through V5.7SP2 allows arbitrary file upload in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=upload request with an upfile1 parameter, as demonstrated by uploading a .php file.
Dedecms Dedecms 5.7
Dedecms Dedecms
7.5
CVSSv2
CVE-2018-10375
A file uploading vulnerability exists in /include/helpers/upload.helper.php in DedeCMS V5.7 SP2, which can be utilized by malicious users to upload and execute arbitrary PHP code via the /dede/archives_do.php?dopost=uploadLitpic litpic parameter when "Content-Type: image/jpe...
Dedecms Dedecms 5.7
7.5
CVSSv2
CVE-2018-9175
DedeCMS 5.7 allows remote malicious users to execute arbitrary PHP code via the egroup parameter to uploads/dede/stepselect_main.php because code within the database is accessible to uploads/dede/sys_cache_up.php.
Dedecms Dedecms 5.7
7.5
CVSSv2
CVE-2018-9174
sys_verifies.php in DedeCMS 5.7 allows remote malicious users to execute arbitrary PHP code via the refiles array parameter, because the contents of modifytmp.inc are under an attacker's control.
Dedecms Dedecms 5.7
7.5
CVSSv2
CVE-2017-17730
DedeCMS up to and including 5.7 has SQL Injection via the logo parameter to plus/flink_add.php.
Dedecms Dedecms
7.5
CVSSv2
CVE-2017-17731
DedeCMS up to and including 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php.
Dedecms Dedecms
6.8
CVSSv2
CVE-2020-18917
The plus/search.php component in DedeCMS 5.7 SP2 allows remote malicious users to execute arbitrary PHP code via the typename parameter because the contents of typename.inc are under an attacker's control.
Dedecms Dedecms 5.7
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »