Total: 61 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-27709 | 1 Dedecms | 1 Dedecms | 2023-03-21 | N/A | 7.2 HIGH |
SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank_* parameter in the /dedestory_catalog.php endpoint. | |||||
CVE-2023-27707 | 1 Dedecms | 1 Dedecms | 2023-03-21 | N/A | 7.2 HIGH |
SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank_* parameter in the /dede/group_store.php endpoint. | |||||
CVE-2022-48140 | 1 Dedecms | 1 Dedecms | 2023-02-08 | N/A | 5.4 MEDIUM |
DedeCMS v5.7.97 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /file_manage_view.php?fmdo=edit&filename. | |||||
CVE-2022-46442 | 1 Dedecms | 1 Dedecms | 2023-01-05 | N/A | 9.8 CRITICAL |
dedecms <=V5.7.102 is vulnerable to SQL Injection. In sys_ sql_ n query.php there are no restrictions on the sql query. | |||||
CVE-2022-43192 | 1 Dedecms | 1 Dedecms | 2022-11-22 | N/A | 6.7 MEDIUM |
An arbitrary file upload vulnerability in the component /dede/file_manage_control.php of Dedecms v5.7.101 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is related to an incomplete fix for CVE-2022-40886. | |||||
CVE-2022-43031 | 1 Dedecms | 1 Dedecms | 2022-11-10 | N/A | 8.8 HIGH |
DedeCMS v6.1.9 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add Administrator accounts and modify Admin passwords. | |||||
CVE-2022-40921 | 1 Dedecms | 1 Dedecms | 2022-10-13 | N/A | 7.2 HIGH |
DedeCMS V5.7.99 was discovered to contain an arbitrary file upload vulnerability via the component /dede/file_manage_control.php. | |||||
CVE-2022-40886 | 1 Dedecms | 1 Dedecms | 2022-10-04 | N/A | 7.2 HIGH |
DedeCMS 5.7.98 has a file upload vulnerability in the background. | |||||
CVE-2022-36583 | 1 Dedecms | 1 Dedecms | 2022-09-07 | N/A | 6.1 MEDIUM |
DedeCMS V5.7.97 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/co_do.php via the dopost, rpok, and aid parameters. | |||||
CVE-2022-36216 | 1 Dedecms | 1 Dedecms | 2022-08-18 | N/A | 7.2 HIGH |
DedeCMS v5.7.94 - v5.7.97 was discovered to contain a remote code execution vulnerability in member_toadmin.php. | |||||
CVE-2022-35516 | 1 Dedecms | 1 Dedecms | 2022-08-18 | N/A | 9.8 CRITICAL |
DedeCMS v5.7.93 - v5.7.96 was discovered to contain a remote code execution vulnerability in login.php. | |||||
CVE-2022-34531 | 1 Dedecms | 1 Dedecms | 2022-08-05 | N/A | 9.8 CRITICAL |
DedeCMS v5.7.95 was discovered to contain a remote code execution (RCE) vulnerability via the component mytag_main.php. | |||||
CVE-2020-27533 | 1 Dedecms | 1 Dedecms | 2022-06-03 | 3.5 LOW | 5.4 MEDIUM |
A Cross Site Scripting (XSS) issue was discovered in the search feature of DedeCMS v.5.8 that allows malicious users to inject code into web pages, and other users will be affected when viewing web pages. | |||||
CVE-2022-30508 | 1 Dedecms | 1 Dedecms | 2022-06-03 | 5.5 MEDIUM | 6.5 MEDIUM |
DedeCMS v5.7.93 was discovered to contain an arbitrary file deletion vulnerability in upload.php via the delete parameter. | |||||
CVE-2022-23337 | 1 Dedecms | 1 Dedecms | 2022-02-22 | 7.5 HIGH | 9.8 CRITICAL |
DedeCMS v5.7.87 was discovered to contain a SQL injection vulnerability in article_coonepage_rule.php via the ids parameter. | |||||
CVE-2018-6910 | 1 Dedecms | 1 Dedecms | 2022-02-18 | 5.0 MEDIUM | 7.5 HIGH |
DedeCMS 5.7 allows remote attackers to discover the full path via a direct request for include/downmix.inc.php or inc/inc_archives_functions.php. | |||||
CVE-2018-6881 | 2 Dedecms, Phome | 2 Dedecms, Empirecms | 2022-02-18 | 5.0 MEDIUM | 5.3 MEDIUM |
EmpireCMS 6.6 allows remote attackers to discover the full path via an array value for a parameter to admin/tool/ShowPic.php. | |||||
CVE-2020-36490 | 1 Dedecms | 1 Dedecms | 2021-10-27 | 3.5 LOW | 5.4 MEDIUM |
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_view.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters. | |||||
CVE-2020-36491 | 1 Dedecms | 1 Dedecms | 2021-10-27 | 3.5 LOW | 5.4 MEDIUM |
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tags_main.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters. | |||||
CVE-2020-23046 | 1 Dedecms | 1 Dedecms | 2021-10-27 | 4.3 MEDIUM | 6.1 MEDIUM |
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tpl.php via the `filename`, `mid`, `userid`, and `templet` parameters. |