Filtered by vendor Dedecms
Subscriptions
Total
97 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-16784 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A |
| DedeCMS 5.7 SP2 allows XML injection, and resultant remote code execution, via a "<file type='file' name='../" substring. | ||||
| CVE-2018-12046 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A |
| DedeCMS through 5.7SP2 allows arbitrary file write in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=newfile request with name and str parameters, as demonstrated by writing to a new .php file. | ||||
| CVE-2018-12045 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A |
| DedeCMS through V5.7SP2 allows arbitrary file upload in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=upload request with an upfile1 parameter, as demonstrated by uploading a .php file. | ||||
| CVE-2018-10375 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A |
| A file uploading vulnerability exists in /include/helpers/upload.helper.php in DedeCMS V5.7 SP2, which can be utilized by attackers to upload and execute arbitrary PHP code via the /dede/archives_do.php?dopost=uploadLitpic litpic parameter when "Content-Type: image/jpeg" is sent, but the filename ends in .php and contains PHP code. | ||||
| CVE-2017-17731 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A |
| DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php. | ||||
| CVE-2017-17730 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A |
| DedeCMS through 5.7 has SQL Injection via the logo parameter to plus/flink_add.php. | ||||
| CVE-2017-17727 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A |
| DedeCMS through 5.6 allows arbitrary file upload and PHP code execution by embedding the PHP code in a .jpg file, which is used in the templet parameter to member/article_edit.php. | ||||
| CVE-2015-4553 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 8.8 High |
| A file upload issue exists in DeDeCMS before 5.7-sp1, which allows malicious users getshell. | ||||
| CVE-2011-5200 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A |
| Multiple SQL injection vulnerabilities in DeDeCMS, possibly 5.6, allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) list.php, (2) members.php, or (3) book.php. | ||||
| CVE-2010-1097 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A |
| include/userlogin.class.php in DeDeCMS 5.5 GBK, when session.auto_start is enabled, allows remote attackers to bypass authentication and gain administrative access via a value of 1 for the _SESSION[dede_admin_id] parameter, as demonstrated by a request to uploads/include/dialog/select_soft_post.php. | ||||
| CVE-2009-3806 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A |
| SQL injection vulnerability in feedback_js.php in DedeCMS 5.1 allows remote attackers to execute arbitrary SQL commands via the arcurl parameter. | ||||
| CVE-2009-2270 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A |
| Unrestricted file upload vulnerability in member/uploads_edit.php in dedecms 5.3 allows remote attackers to execute arbitrary code by uploading a file with a double extension in the filename, then accessing this file via unspecified vectors, as demonstrated by a .jpg.php filename. | ||||
| CVE-2024-11138 | 1 Dedecms | 1 Dedecms | 2024-11-13 | 2.7 Low |
| A vulnerability classified as problematic has been found in DedeCMS 5.7.116. This affects an unknown part of the file /dede/uploads/dede/friendlink_add.php. The manipulation of the argument logoimg leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9076 | 1 Dedecms | 1 Dedecms | 2024-09-27 | 6.3 Medium |
| A vulnerability was found in DedeCMS up to 5.7.115. It has been rated as critical. This issue affects some unknown processing of the file article_string_mix.php. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-46372 | 1 Dedecms | 1 Dedecms | 2024-09-24 | 6.1 Medium |
| DedeCMS 5.7.115 is vulnerable to Cross Site Scripting (XSS) via the advertisement code box in the advertisement management module. | ||||
| CVE-2024-46373 | 1 Dedecms | 1 Dedecms | 2024-09-20 | 8.8 High |
| Dedecms V5.7.115 contains an arbitrary code execution via file upload vulnerability in the backend. | ||||
| CVE-2024-42636 | 1 Dedecms | 1 Dedecms | 2024-08-23 | 7.2 High |
| DedeCMS V5.7.115 has a command execution vulnerability via file_manage_view.php?fmdo=newfile&activepath. | ||||