Latest dedecms dedecms Vulnerabilities

CVE-2024-22895
DedeCMS 5.7.112 has a File Upload vulnerability via uploads/dede/module_upload.php.
Dedecms Dedecms=5.7.112
CVE-2023-7212
DeDeCMS Backend file_class.php unrestricted upload
Dedecms Dedecms<=5.7.112
CVE-2023-49494
DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component select_media_post_wangEditor.php.
Dedecms Dedecms=5.7.111
CVE-2023-49492
DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the imgstick parameter at selectimages.php.
Dedecms Dedecms=5.7.111
CVE-2023-49493
DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the v parameter at selectimages.php.
Dedecms Dedecms=5.7.111
CVE-2023-43275
Cross-Site Request Forgery (CSRF) vulnerability in DedeCMS v5.7 in 110 backend management interface via /catalog_add.php, allows attackers to create crafted web pages due to a lack of verification of ...
Dedecms Dedecms=5.7
CVE-2023-48068
DedeCMS v6.2 was discovered to contain a Cross-site Scripting (XSS) vulnerability via spec_add.php.
Dedecms Dedecms=6.2
CVE-2023-5301
A vulnerability classified as critical was found in DedeCMS 5.7.111. This vulnerability affects the function AddMyAddon of the file album_add.php. The manipulation of the argument albumUploadFiles lea...
Dedecms Dedecms=5.7.111
CVE-2023-43226
An arbitrary file upload vulnerability in dede/baidunews.php in DedeCMS 5.7.111 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file.
Dedecms Dedecms<=5.7.111
CVE-2023-5022
DedeCMS select_templets_post.php absolute path traversal
Dedecms Dedecms<=5.7.100
<=5.7.100
CVE-2023-40784
DedeCMS 5.7.102 has a File Upload vulnerability via uploads/dede/module_make.php.
Dedecms Dedecms=5.7.102
CVE-2023-4747
DedeCMS tags.php sql injection
Dedecms Dedecms=5.7.110
=5.7.110
CVE-2023-40874
DedeCMS up to and including 5.7.110 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/vote_add.php via the votename and voteitem1 parameters.
Dedecms Dedecms<=5.7.110
CVE-2023-40876
DedeCMS up to and including 5.7.110 was discovered to contain a cross-site scripting (XSS) vulnerability at /dede/freelist_add.php via the title parameter.
Dedecms Dedecms<=5.7.110
CVE-2023-40877
DedeCMS up to and including 5.7.110 was discovered to contain a cross-site scripting (XSS) vulnerability at /dede/freelist_edit.php via the title parameter.
Dedecms Dedecms<=5.7.110
CVE-2023-40875
DedeCMS up to and including 5.7.110 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/vote_edit.php via the votename and votenote parameters.
Dedecms Dedecms<=5.7.110
CVE-2023-36298
DedeCMS v5.7.109 has a File Upload vulnerability, leading to remote code execution (RCE).
Dedecms Dedecms=5.7.109
CVE-2023-34842
Remote Code Execution vulnerability in DedeCMS through 5.7.109 allows remote attackers to run arbitrary code via crafted POST request to /dede/tpl.php.
Dedecms Dedecms<=5.7.109
CVE-2023-37839
An arbitrary file upload vulnerability in /dede/file_manage_control.php of DedeCMS v5.7.109 allows attackers to execute arbitrary code via uploading a crafted PHP file.
Dedecms Dedecms=5.7.109
CVE-2023-3578
DedeCMS co_do.php server-side request forgery
Dedecms Dedecms=5.7.109
CVE-2023-2928
DedeCMS article_allowurl_edit.php code injection
Dedecms Dedecms<=5.7.106
<=5.7.106
CVE-2023-2424
DedeCMS config.php UpDateMemberModCache unrestricted upload
Dedecms Dedecms=5.7.106
CVE-2023-30380
An issue in the component /dialog/select_media.php of DedeCMS v5.7.107 allows attackers to execute a directory traversal.
Dedecms Dedecms=5.7.107
CVE-2023-27733
DedeCMS v5.7.106 was discovered to contain a SQL injection vulnerability via the component /dede/sys_sql_query.php.
Dedecms Dedecms=5.7.106
CVE-2023-2059
DedeCMS select_templets.php path traversal
Dedecms Dedecms=5.7.87
CVE-2023-2056
DedeCMS module_main.php GetSystemFile code injection
Dedecms Dedecms<=5.7.87
CVE-2023-27709
SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank_* parameter in the /dedestory_catalog.php endpoint.
Dedecms Dedecms<=5.7.106
CVE-2023-27707
SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank_* parameter in the /dede/group_store.php endpoint.
Dedecms Dedecms<=5.7.106
CVE-2022-48140
DedeCMS v5.7.97 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /file_manage_view.php?fmdo=edit&filename.
Dedecms Dedecms=5.7.97
CVE-2022-43192
An arbitrary file upload vulnerability in the component /dede/file_manage_control.php of Dedecms v5.7.101 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is relat...
Dedecms Dedecms=5.7.101
CVE-2022-43031
DedeCMS v6.1.9 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add Administrator accounts and modify Admin passwords.
Dedecms Dedecms=6.1.9
CVE-2022-40921
DedeCMS V5.7.99 was discovered to contain an arbitrary file upload vulnerability via the component /dede/file_manage_control.php.
Dedecms Dedecms=5.7.99
CVE-2022-40886
DedeCMS 5.7.98 has a file upload vulnerability in the background.
Dedecms Dedecms=5.7.98
CVE-2022-36583
DedeCMS V5.7.97 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/co_do.php via the dopost, rpok, and aid parameters.
Dedecms Dedecms=5.7.97
CVE-2022-35516
DedeCMS v5.7.93 - v5.7.96 was discovered to contain a remote code execution vulnerability in login.php.
Dedecms Dedecms>=5.7.93<=5.7.96
CVE-2022-36216
DedeCMS v5.7.94 - v5.7.97 was discovered to contain a remote code execution vulnerability in member_toadmin.php.
Dedecms Dedecms>=5.7.94<=5.7.97
CVE-2022-30508
DedeCMS v5.7.93 was discovered to contain arbitrary file deletion vulnerability in upload.php via the delete parameter.
Dedecms Dedecms=5.7.93
CVE-2020-36497
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component makehtml_homepage.php via the `filename`, `mid`, `userid`, and `templet' parameters.
Dedecms Dedecms=7.5-sp2
CVE-2020-36495
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_view.php via the `filename`, `mid`, `userid`, and `templet' parameters.
Dedecms Dedecms=7.5-sp2
CVE-2020-36492
Dedecms Dedecms=7.5-sp2
CVE-2020-36496
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component sys_admin_user_edit.php via the `filename`, `mid`, `userid`, and `templet' parameters.
Dedecms Dedecms=7.5-sp2
CVE-2020-36490
Dedecms Dedecms=7.5-sp2
CVE-2020-36493
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component media_main.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and...
Dedecms Dedecms=7.5-sp2
CVE-2020-36491
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tags_main.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and ...
Dedecms Dedecms=7.5-sp2
CVE-2020-36494
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component mychannel_edit.php via the `filename`, `mid`, `userid`, and `templet' parameters.
Dedecms Dedecms=7.5-sp2
CVE-2020-23044
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_pic_view.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` ...
Dedecms Dedecms=7.5-sp2
CVE-2020-23046
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tpl.php via the `filename`, `mid`, `userid`, and `templet' parameters.
Dedecms Dedecms=7.5-sp2
CVE-2020-18114
An arbitrary file upload vulnerability in the /uploads/dede component of DedeCMS V5.7SP2 allows attackers to upload a webshell in HTM format.
Dedecms Dedecms=5.7-sp2
CVE-2020-18917
The plus/search.php component in DedeCMS 5.7 SP2 allows remote attackers to execute arbitrary PHP code via the typename parameter because the contents of typename.inc are under an attacker's control.
Dedecms Dedecms=5.7-sp2
CVE-2020-22198
SQL Injection vulnerability in DedeCMS 5.7 via mdescription parameter to member/ajax_membergroup.php.
Dedecms Dedecms=5.7

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203