Filtered by vendor Dedecms
Subscriptions
Total
121 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-4747 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 6.3 Medium |
| A vulnerability classified as critical was found in DedeCMS 5.7.110. This vulnerability affects unknown code of the file /uploads/tags.php. The manipulation of the argument tag_alias leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-238636. | ||||
| CVE-2023-49494 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 6.1 Medium |
| DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component select_media_post_wangEditor.php. | ||||
| CVE-2023-49493 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 6.1 Medium |
| DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the v parameter at selectimages.php. | ||||
| CVE-2023-49492 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 6.1 Medium |
| DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the imgstick parameter at selectimages.php. | ||||
| CVE-2023-48068 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 5.4 Medium |
| DedeCMS v6.2 was discovered to contain a Cross-site Scripting (XSS) vulnerability via spec_add.php. | ||||
| CVE-2023-43275 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in DedeCMS v5.7 in 110 backend management interface via /catalog_add.php, allows attackers to create crafted web pages due to a lack of verification of the token value of the submitted form. | ||||
| CVE-2023-43226 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 8.8 High |
| An arbitrary file upload vulnerability in dede/baidunews.php in DedeCMS 5.7.111 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file. | ||||
| CVE-2023-40877 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 5.4 Medium |
| DedeCMS up to and including 5.7.110 was discovered to contain a cross-site scripting (XSS) vulnerability at /dede/freelist_edit.php via the title parameter. | ||||
| CVE-2023-40876 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 5.4 Medium |
| DedeCMS up to and including 5.7.110 was discovered to contain a cross-site scripting (XSS) vulnerability at /dede/freelist_add.php via the title parameter. | ||||
| CVE-2023-40875 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 5.4 Medium |
| DedeCMS up to and including 5.7.110 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/vote_edit.php via the votename and votenote parameters. | ||||
| CVE-2023-40874 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 5.4 Medium |
| DedeCMS up to and including 5.7.110 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/vote_add.php via the votename and voteitem1 parameters. | ||||
| CVE-2023-40784 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 9.8 Critical |
| DedeCMS 5.7.102 has a File Upload vulnerability via uploads/dede/module_make.php. | ||||
| CVE-2023-3578 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 5.5 Medium |
| A vulnerability classified as critical was found in DedeCMS 5.7.109. Affected by this vulnerability is an unknown functionality of the file co_do.php. The manipulation of the argument rssurl leads to server-side request forgery. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-233371. | ||||
| CVE-2023-37839 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 9.8 Critical |
| An arbitrary file upload vulnerability in /dede/file_manage_control.php of DedeCMS v5.7.109 allows attackers to execute arbitrary code via uploading a crafted PHP file. | ||||
| CVE-2023-36298 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 8.8 High |
| DedeCMS v5.7.109 has a File Upload vulnerability, leading to remote code execution (RCE). | ||||
| CVE-2023-34842 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 9.8 Critical |
| Remote Code Execution vulnerability in DedeCMS through 5.7.109 allows remote attackers to run arbitrary code via crafted POST request to /dede/tpl.php. | ||||
| CVE-2023-2424 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 6.3 Medium |
| A vulnerability was found in DedeCMS 5.7.106 and classified as critical. Affected by this issue is the function UpDateMemberModCache of the file uploads/dede/config.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227750 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-27709 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 7.2 High |
| SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank_* parameter in the /dedestory_catalog.php endpoint. | ||||
| CVE-2023-27707 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 7.2 High |
| SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank_* parameter in the /dede/group_store.php endpoint. | ||||
| CVE-2022-48140 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 5.4 Medium |
| DedeCMS v5.7.97 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /file_manage_view.php?fmdo=edit&filename. | ||||