dedecms vulnerabilities and exploits
8.8
CVSSv3
CVE-2018-7700
DedeCMS 5.7 has CSRF with an impact of arbitrary code execution, because the partcode parameter in a tag_test_action.php request can specify a runphp field in conjunction with PHP code.
Dedecms Dedecms 5.7
1 Github repository
5.4
CVSSv3
CVE-2020-36493
DedeCMS v7.5 SP2 contains multiple cross-site scripting (XSS) vulnerabilities in the component media_main.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.
Dedecms Dedecms 7.5
6.1
CVSSv3
CVE-2020-36495
DedeCMS v7.5 SP2 contains multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_view.php via the `filename`, `mid`, `userid`, and `templet` parameters.
Dedecms Dedecms 7.5
9.8
CVSSv3
CVE-2023-37839
An arbitrary file upload vulnerability in /dede/file_manage_control.php of DedeCMS v5.7.109 allows malicious users to execute arbitrary code via uploading a crafted PHP file.
Dedecms Dedecms 5.7.109
8.8
CVSSv3
CVE-2022-43031
DedeCMS v6.1.9 contains a Cross-Site Request Forgery (CSRF) vulnerability which allows malicious users to arbitrarily add Administrator accounts and modify Admin passwords.
Dedecms Dedecms 6.1.9
1 Github repository
NA
CVE-2011-5200
Multiple SQL injection vulnerabilities in DeDeCMS, possibly 5.6, allow remote malicious users to execute arbitrary SQL commands via the id parameter to (1) list.php, (2) members.php, or (3) book.php.
Dedecms Dedecms 5.6
1 EDB exploit
9.8
CVSSv3
CVE-2022-23337
DedeCMS v5.7.87 contains a SQL injection vulnerability in article_coonepage_rule.php via the ids parameter.
Dedecms Dedecms 5.7.87
9.8
CVSSv3
CVE-2023-3578
A vulnerability classified as critical was found in DedeCMS 5.7.109. Affected by this vulnerability is an unknown functionality of the file co_do.php. The manipulation of the argument rssurl leads to server-side request forgery. The exploit has been disclosed to the public and ma...
Dedecms Dedecms 5.7.109
8.8
CVSSv3
CVE-2023-36298
DedeCMS v5.7.109 has a File Upload vulnerability, leading to remote code execution (RCE).
Dedecms Dedecms 5.7.109
8.8
CVSSv3
CVE-2018-9134
file_manage_control.php in DedeCMS 5.7 has CSRF in an fmdo=rename action, as demonstrated by renaming an arbitrary file under uploads/userup to a .php file under the web root to achieve PHP code execution. This uses the oldfilename and newfilename parameters.
Dedecms Dedecms 5.7