Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Dedecms Subscribe
Filtered by product Dedecms
Total 61 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-27709 1 Dedecms 1 Dedecms 2023-03-21 N/A 7.2 HIGH
SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank_* parameter in the /dedestory_catalog.php endpoint.
CVE-2023-27707 1 Dedecms 1 Dedecms 2023-03-21 N/A 7.2 HIGH
SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank_* parameter in the /dede/group_store.php endpoint.
CVE-2022-48140 1 Dedecms 1 Dedecms 2023-02-08 N/A 5.4 MEDIUM
DedeCMS v5.7.97 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /file_manage_view.php?fmdo=edit&filename.
CVE-2022-46442 1 Dedecms 1 Dedecms 2023-01-05 N/A 9.8 CRITICAL
dedecms <=V5.7.102 is vulnerable to SQL Injection. In sys_ sql_ n query.php there are no restrictions on the sql query.
CVE-2022-43192 1 Dedecms 1 Dedecms 2022-11-22 N/A 6.7 MEDIUM
An arbitrary file upload vulnerability in the component /dede/file_manage_control.php of Dedecms v5.7.101 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is related to an incomplete fix for CVE-2022-40886.
CVE-2022-43031 1 Dedecms 1 Dedecms 2022-11-10 N/A 8.8 HIGH
DedeCMS v6.1.9 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add Administrator accounts and modify Admin passwords.
CVE-2022-40921 1 Dedecms 1 Dedecms 2022-10-13 N/A 7.2 HIGH
DedeCMS V5.7.99 was discovered to contain an arbitrary file upload vulnerability via the component /dede/file_manage_control.php.
CVE-2022-40886 1 Dedecms 1 Dedecms 2022-10-04 N/A 7.2 HIGH
DedeCMS 5.7.98 has a file upload vulnerability in the background.
CVE-2022-36583 1 Dedecms 1 Dedecms 2022-09-07 N/A 6.1 MEDIUM
DedeCMS V5.7.97 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/co_do.php via the dopost, rpok, and aid parameters.
CVE-2022-36216 1 Dedecms 1 Dedecms 2022-08-18 N/A 7.2 HIGH
DedeCMS v5.7.94 - v5.7.97 was discovered to contain a remote code execution vulnerability in member_toadmin.php.
CVE-2022-35516 1 Dedecms 1 Dedecms 2022-08-18 N/A 9.8 CRITICAL
DedeCMS v5.7.93 - v5.7.96 was discovered to contain a remote code execution vulnerability in login.php.
CVE-2022-34531 1 Dedecms 1 Dedecms 2022-08-05 N/A 9.8 CRITICAL
DedeCMS v5.7.95 was discovered to contain a remote code execution (RCE) vulnerability via the component mytag_ main.php.
CVE-2020-27533 1 Dedecms 1 Dedecms 2022-06-03 3.5 LOW 5.4 MEDIUM
A Cross Site Scripting (XSS) issue was discovered in the search feature of DedeCMS v.5.8 that allows malicious users to inject code into web pages, and other users will be affected when viewing web pages.
CVE-2022-30508 1 Dedecms 1 Dedecms 2022-06-03 5.5 MEDIUM 6.5 MEDIUM
DedeCMS v5.7.93 was discovered to contain arbitrary file deletion vulnerability in upload.php via the delete parameter.
CVE-2022-23337 1 Dedecms 1 Dedecms 2022-02-22 7.5 HIGH 9.8 CRITICAL
DedeCMS v5.7.87 was discovered to contain a SQL injection vulnerability in article_coonepage_rule.php via the ids parameter.
CVE-2018-6910 1 Dedecms 1 Dedecms 2022-02-18 5.0 MEDIUM 7.5 HIGH
DedeCMS 5.7 allows remote attackers to discover the full path via a direct request for include/downmix.inc.php or inc/inc_archives_functions.php.
CVE-2018-6881 2 Dedecms, Phome 2 Dedecms, Empirecms 2022-02-18 5.0 MEDIUM 5.3 MEDIUM
EmpireCMS 6.6 allows remote attackers to discover the full path via an array value for a parameter to admin/tool/ShowPic.php.
CVE-2020-36490 1 Dedecms 1 Dedecms 2021-10-27 3.5 LOW 5.4 MEDIUM
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_view.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.
CVE-2020-36491 1 Dedecms 1 Dedecms 2021-10-27 3.5 LOW 5.4 MEDIUM
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tags_main.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.
CVE-2020-23046 1 Dedecms 1 Dedecms 2021-10-27 4.3 MEDIUM 6.1 MEDIUM
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tpl.php via the `filename`, `mid`, `userid`, and `templet' parameters.