Filtered by vendor Dedecms Subscriptions
Total 101 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-46442 1 Dedecms 1 Dedecms 2024-11-21 9.8 Critical
dedecms <=V5.7.102 is vulnerable to SQL Injection. In sys_ sql_ n query.php there are no restrictions on the sql query.
CVE-2022-43192 1 Dedecms 1 Dedecms 2024-11-21 6.7 Medium
An arbitrary file upload vulnerability in the component /dede/file_manage_control.php of Dedecms v5.7.101 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is related to an incomplete fix for CVE-2022-40886.
CVE-2022-43031 1 Dedecms 1 Dedecms 2024-11-21 8.8 High
DedeCMS v6.1.9 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add Administrator accounts and modify Admin passwords.
CVE-2022-40921 1 Dedecms 1 Dedecms 2024-11-21 7.2 High
DedeCMS V5.7.99 was discovered to contain an arbitrary file upload vulnerability via the component /dede/file_manage_control.php.
CVE-2022-40886 1 Dedecms 1 Dedecms 2024-11-21 7.2 High
DedeCMS 5.7.98 has a file upload vulnerability in the background.
CVE-2022-36583 1 Dedecms 1 Dedecms 2024-11-21 6.1 Medium
DedeCMS V5.7.97 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/co_do.php via the dopost, rpok, and aid parameters.
CVE-2022-36216 1 Dedecms 1 Dedecms 2024-11-21 7.2 High
DedeCMS v5.7.94 - v5.7.97 was discovered to contain a remote code execution vulnerability in member_toadmin.php.
CVE-2022-35516 1 Dedecms 1 Dedecms 2024-11-21 9.8 Critical
DedeCMS v5.7.93 - v5.7.96 was discovered to contain a remote code execution vulnerability in login.php.
CVE-2022-34531 1 Dedecms 1 Dedecms 2024-11-21 9.8 Critical
DedeCMS v5.7.95 was discovered to contain a remote code execution (RCE) vulnerability via the component mytag_ main.php.
CVE-2022-30508 1 Dedecms 1 Dedecms 2024-11-21 6.5 Medium
DedeCMS v5.7.93 was discovered to contain arbitrary file deletion vulnerability in upload.php via the delete parameter.
CVE-2022-23337 1 Dedecms 1 Dedecms 2024-11-21 9.8 Critical
DedeCMS v5.7.87 was discovered to contain a SQL injection vulnerability in article_coonepage_rule.php via the ids parameter.
CVE-2021-32073 1 Dedecms 1 Dedecms 2024-11-21 8.8 High
DedeCMS V5.7 SP2 contains a CSRF vulnerability that allows a remote attacker to send a malicious request to to the web manager allowing remote code execution.
CVE-2020-36497 1 Dedecms 1 Dedecms 2024-11-21 6.1 Medium
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component makehtml_homepage.php via the `filename`, `mid`, `userid`, and `templet' parameters.
CVE-2020-36496 1 Dedecms 1 Dedecms 2024-11-21 6.1 Medium
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component sys_admin_user_edit.php via the `filename`, `mid`, `userid`, and `templet' parameters.
CVE-2020-36495 1 Dedecms 1 Dedecms 2024-11-21 6.1 Medium
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_view.php via the `filename`, `mid`, `userid`, and `templet' parameters.
CVE-2020-36494 1 Dedecms 1 Dedecms 2024-11-21 6.1 Medium
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component mychannel_edit.php via the `filename`, `mid`, `userid`, and `templet' parameters.
CVE-2020-36493 1 Dedecms 1 Dedecms 2024-11-21 5.4 Medium
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component media_main.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.
CVE-2020-36492 1 Dedecms 1 Dedecms 2024-11-21 5.4 Medium
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component select_media.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.
CVE-2020-36491 1 Dedecms 1 Dedecms 2024-11-21 5.4 Medium
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tags_main.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.
CVE-2020-36490 1 Dedecms 1 Dedecms 2024-11-21 5.4 Medium
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_view.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.