Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dedecms vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2017-17730
DedeCMS up to and including 5.7 has SQL Injection via the logo parameter to plus/flink_add.php.
Dedecms Dedecms
9.8
CVSSv3
CVE-2017-17731
DedeCMS up to and including 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php.
Dedecms Dedecms
5.4
CVSSv3
CVE-2020-36490
DedeCMS v7.5 SP2 exists to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_view.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.
Dedecms Dedecms 7.5
5.4
CVSSv3
CVE-2020-36492
DedeCMS v7.5 SP2 exists to contain multiple cross-site scripting (XSS) vulnerabilities in the component select_media.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.
Dedecms Dedecms 7.5
6.1
CVSSv3
CVE-2020-36494
DedeCMS v7.5 SP2 exists to contain multiple cross-site scripting (XSS) vulnerabilities in the component mychannel_edit.php via the `filename`, `mid`, `userid`, and `templet' parameters.
Dedecms Dedecms 7.5
6.1
CVSSv3
CVE-2020-36495
DedeCMS v7.5 SP2 exists to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_view.php via the `filename`, `mid`, `userid`, and `templet' parameters.
Dedecms Dedecms 7.5
6.1
CVSSv3
CVE-2020-36497
DedeCMS v7.5 SP2 exists to contain multiple cross-site scripting (XSS) vulnerabilities in the component makehtml_homepage.php via the `filename`, `mid`, `userid`, and `templet' parameters.
Dedecms Dedecms 7.5
8.8
CVSSv3
CVE-2019-6289
uploads/include/dialog/select_soft.php in DedeCMS V57_UTF8_SP2 allows remote malicious users to execute arbitrary PHP code by uploading with a safe file extension and then renaming with a mixed-case variation of the .php extension, as demonstrated by the 1.pHP filename.
Dedecms Dedecms 5.7
8.8
CVSSv3
CVE-2023-5301
A vulnerability classified as critical was found in DedeCMS 5.7.111. This vulnerability affects the function AddMyAddon of the file album_add.php. The manipulation of the argument albumUploadFiles leads to os command injection. The attack can be initiated remotely. The exploit ha...
Dedecms Dedecms 5.7.111
5.4
CVSSv3
CVE-2023-31757
DedeCMS up to v5.7.108 is vulnerable to XSS in sys_info.php via parameters 'edit___cfg_powerby' and 'edit___cfg_beian'
Dedecms Dedecms 5.7.108
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »