Filtered by vendor Dedecms
Subscriptions
Total
93 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-35516 | 1 Dedecms | 1 Dedecms | 2024-08-03 | 9.8 Critical |
DedeCMS v5.7.93 - v5.7.96 was discovered to contain a remote code execution vulnerability in login.php. | ||||
CVE-2022-34531 | 1 Dedecms | 1 Dedecms | 2024-08-03 | 9.8 Critical |
DedeCMS v5.7.95 was discovered to contain a remote code execution (RCE) vulnerability via the component mytag_ main.php. | ||||
CVE-2022-30508 | 1 Dedecms | 1 Dedecms | 2024-08-03 | 6.5 Medium |
DedeCMS v5.7.93 was discovered to contain arbitrary file deletion vulnerability in upload.php via the delete parameter. | ||||
CVE-2022-23337 | 1 Dedecms | 1 Dedecms | 2024-08-03 | 9.8 Critical |
DedeCMS v5.7.87 was discovered to contain a SQL injection vulnerability in article_coonepage_rule.php via the ids parameter. | ||||
CVE-2023-49494 | 1 Dedecms | 1 Dedecms | 2024-08-02 | 6.1 Medium |
DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component select_media_post_wangEditor.php. | ||||
CVE-2023-49493 | 1 Dedecms | 1 Dedecms | 2024-08-02 | 6.1 Medium |
DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the v parameter at selectimages.php. | ||||
CVE-2023-49492 | 1 Dedecms | 1 Dedecms | 2024-08-02 | 6.1 Medium |
DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the imgstick parameter at selectimages.php. | ||||
CVE-2023-43226 | 1 Dedecms | 1 Dedecms | 2024-08-02 | 8.8 High |
An arbitrary file upload vulnerability in dede/baidunews.php in DedeCMS 5.7.111 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file. | ||||
CVE-2023-40877 | 1 Dedecms | 1 Dedecms | 2024-08-02 | 5.4 Medium |
DedeCMS up to and including 5.7.110 was discovered to contain a cross-site scripting (XSS) vulnerability at /dede/freelist_edit.php via the title parameter. | ||||
CVE-2023-40874 | 1 Dedecms | 1 Dedecms | 2024-08-02 | 5.4 Medium |
DedeCMS up to and including 5.7.110 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/vote_add.php via the votename and voteitem1 parameters. | ||||
CVE-2023-40876 | 1 Dedecms | 1 Dedecms | 2024-08-02 | 5.4 Medium |
DedeCMS up to and including 5.7.110 was discovered to contain a cross-site scripting (XSS) vulnerability at /dede/freelist_add.php via the title parameter. | ||||
CVE-2023-40784 | 1 Dedecms | 1 Dedecms | 2024-08-02 | 9.8 Critical |
DedeCMS 5.7.102 has a File Upload vulnerability via uploads/dede/module_make.php. | ||||
CVE-2023-40875 | 1 Dedecms | 1 Dedecms | 2024-08-02 | 5.4 Medium |
DedeCMS up to and including 5.7.110 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/vote_edit.php via the votename and votenote parameters. | ||||
CVE-2023-37839 | 1 Dedecms | 1 Dedecms | 2024-08-02 | 9.8 Critical |
An arbitrary file upload vulnerability in /dede/file_manage_control.php of DedeCMS v5.7.109 allows attackers to execute arbitrary code via uploading a crafted PHP file. | ||||
CVE-2023-36298 | 1 Dedecms | 1 Dedecms | 2024-08-02 | 8.8 High |
DedeCMS v5.7.109 has a File Upload vulnerability, leading to remote code execution (RCE). | ||||
CVE-2023-34842 | 1 Dedecms | 1 Dedecms | 2024-08-02 | 9.8 Critical |
Remote Code Execution vulnerability in DedeCMS through 5.7.109 allows remote attackers to run arbitrary code via crafted POST request to /dede/tpl.php. | ||||
CVE-2023-31757 | 1 Dedecms | 1 Dedecms | 2024-08-02 | 5.4 Medium |
DedeCMS up to v5.7.108 is vulnerable to XSS in sys_info.php via parameters 'edit___cfg_powerby' and 'edit___cfg_beian' | ||||
CVE-2023-30380 | 1 Dedecms | 1 Dedecms | 2024-08-02 | 7.5 High |
An issue in the component /dialog/select_media.php of DedeCMS v5.7.107 allows attackers to execute a directory traversal. | ||||
CVE-2023-27707 | 1 Dedecms | 1 Dedecms | 2024-08-02 | 7.2 High |
SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank_* parameter in the /dede/group_store.php endpoint. | ||||
CVE-2023-27709 | 1 Dedecms | 1 Dedecms | 2024-08-02 | 7.2 High |
SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank_* parameter in the /dedestory_catalog.php endpoint. |