Filtered by vendor Dedecms
Subscriptions
Filtered by product Dedecms
Subscriptions
Total
101 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-18781 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A |
DedeCMS 5.7 SP2 allows XSS via the /member/uploads_select.php f or keyword parameter. | ||||
CVE-2018-18608 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A |
DedeCMS 5.7 SP2 allows XSS via the function named GetPageList defined in the include/datalistcp.class.php file that is used to display the page numbers list at the bottom of some templates, as demonstrated by the PATH_INFO to /member/index.php, /member/pm.php, /member/content_list.php, or /plus/feedback.php. | ||||
CVE-2018-18579 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A |
Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/pm.php folder parameter. | ||||
CVE-2018-18578 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A |
DedeCMS 5.7 SP2 allows XSS via the plus/qrcode.php type parameter. | ||||
CVE-2018-16786 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A |
DedeCMS 5.7 SP2 allows XSS via an onhashchange attribute in the msg parameter to /plus/feedback_ajax.php. | ||||
CVE-2018-16785 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A |
XML injection vulnerability exists in the file of DedeCMS V5.7 SP2 version, which can be utilized by attackers to create script file to obtain webshell | ||||
CVE-2018-16784 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A |
DedeCMS 5.7 SP2 allows XML injection, and resultant remote code execution, via a "<file type='file' name='../" substring. | ||||
CVE-2018-12046 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A |
DedeCMS through 5.7SP2 allows arbitrary file write in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=newfile request with name and str parameters, as demonstrated by writing to a new .php file. | ||||
CVE-2018-12045 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A |
DedeCMS through V5.7SP2 allows arbitrary file upload in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=upload request with an upfile1 parameter, as demonstrated by uploading a .php file. | ||||
CVE-2018-10375 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A |
A file uploading vulnerability exists in /include/helpers/upload.helper.php in DedeCMS V5.7 SP2, which can be utilized by attackers to upload and execute arbitrary PHP code via the /dede/archives_do.php?dopost=uploadLitpic litpic parameter when "Content-Type: image/jpeg" is sent, but the filename ends in .php and contains PHP code. | ||||
CVE-2017-17731 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A |
DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php. | ||||
CVE-2017-17730 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A |
DedeCMS through 5.7 has SQL Injection via the logo parameter to plus/flink_add.php. | ||||
CVE-2017-17727 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A |
DedeCMS through 5.6 allows arbitrary file upload and PHP code execution by embedding the PHP code in a .jpg file, which is used in the templet parameter to member/article_edit.php. | ||||
CVE-2015-4553 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 8.8 High |
A file upload issue exists in DeDeCMS before 5.7-sp1, which allows malicious users getshell. | ||||
CVE-2011-5200 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A |
Multiple SQL injection vulnerabilities in DeDeCMS, possibly 5.6, allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) list.php, (2) members.php, or (3) book.php. | ||||
CVE-2010-1097 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A |
include/userlogin.class.php in DeDeCMS 5.5 GBK, when session.auto_start is enabled, allows remote attackers to bypass authentication and gain administrative access via a value of 1 for the _SESSION[dede_admin_id] parameter, as demonstrated by a request to uploads/include/dialog/select_soft_post.php. | ||||
CVE-2009-3806 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A |
SQL injection vulnerability in feedback_js.php in DedeCMS 5.1 allows remote attackers to execute arbitrary SQL commands via the arcurl parameter. | ||||
CVE-2009-2270 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A |
Unrestricted file upload vulnerability in member/uploads_edit.php in dedecms 5.3 allows remote attackers to execute arbitrary code by uploading a file with a double extension in the filename, then accessing this file via unspecified vectors, as demonstrated by a .jpg.php filename. | ||||
CVE-2024-46372 | 1 Dedecms | 1 Dedecms | 2024-09-24 | 6.1 Medium |
DedeCMS 5.7.115 is vulnerable to Cross Site Scripting (XSS) via the advertisement code box in the advertisement management module. | ||||
CVE-2024-46373 | 1 Dedecms | 1 Dedecms | 2024-09-20 | 8.8 High |
Dedecms V5.7.115 contains an arbitrary code execution via file upload vulnerability in the backend. |