Filtered by vendor Dedecms Subscriptions
Filtered by product Dedecms Subscriptions
Total 101 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-18781 1 Dedecms 1 Dedecms 2024-11-21 N/A
DedeCMS 5.7 SP2 allows XSS via the /member/uploads_select.php f or keyword parameter.
CVE-2018-18608 1 Dedecms 1 Dedecms 2024-11-21 N/A
DedeCMS 5.7 SP2 allows XSS via the function named GetPageList defined in the include/datalistcp.class.php file that is used to display the page numbers list at the bottom of some templates, as demonstrated by the PATH_INFO to /member/index.php, /member/pm.php, /member/content_list.php, or /plus/feedback.php.
CVE-2018-18579 1 Dedecms 1 Dedecms 2024-11-21 N/A
Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/pm.php folder parameter.
CVE-2018-18578 1 Dedecms 1 Dedecms 2024-11-21 N/A
DedeCMS 5.7 SP2 allows XSS via the plus/qrcode.php type parameter.
CVE-2018-16786 1 Dedecms 1 Dedecms 2024-11-21 N/A
DedeCMS 5.7 SP2 allows XSS via an onhashchange attribute in the msg parameter to /plus/feedback_ajax.php.
CVE-2018-16785 1 Dedecms 1 Dedecms 2024-11-21 N/A
XML injection vulnerability exists in the file of DedeCMS V5.7 SP2 version, which can be utilized by attackers to create script file to obtain webshell
CVE-2018-16784 1 Dedecms 1 Dedecms 2024-11-21 N/A
DedeCMS 5.7 SP2 allows XML injection, and resultant remote code execution, via a "<file type='file' name='../" substring.
CVE-2018-12046 1 Dedecms 1 Dedecms 2024-11-21 N/A
DedeCMS through 5.7SP2 allows arbitrary file write in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=newfile request with name and str parameters, as demonstrated by writing to a new .php file.
CVE-2018-12045 1 Dedecms 1 Dedecms 2024-11-21 N/A
DedeCMS through V5.7SP2 allows arbitrary file upload in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=upload request with an upfile1 parameter, as demonstrated by uploading a .php file.
CVE-2018-10375 1 Dedecms 1 Dedecms 2024-11-21 N/A
A file uploading vulnerability exists in /include/helpers/upload.helper.php in DedeCMS V5.7 SP2, which can be utilized by attackers to upload and execute arbitrary PHP code via the /dede/archives_do.php?dopost=uploadLitpic litpic parameter when "Content-Type: image/jpeg" is sent, but the filename ends in .php and contains PHP code.
CVE-2017-17731 1 Dedecms 1 Dedecms 2024-11-21 N/A
DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php.
CVE-2017-17730 1 Dedecms 1 Dedecms 2024-11-21 N/A
DedeCMS through 5.7 has SQL Injection via the logo parameter to plus/flink_add.php.
CVE-2017-17727 1 Dedecms 1 Dedecms 2024-11-21 N/A
DedeCMS through 5.6 allows arbitrary file upload and PHP code execution by embedding the PHP code in a .jpg file, which is used in the templet parameter to member/article_edit.php.
CVE-2015-4553 1 Dedecms 1 Dedecms 2024-11-21 8.8 High
A file upload issue exists in DeDeCMS before 5.7-sp1, which allows malicious users getshell.
CVE-2011-5200 1 Dedecms 1 Dedecms 2024-11-21 N/A
Multiple SQL injection vulnerabilities in DeDeCMS, possibly 5.6, allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) list.php, (2) members.php, or (3) book.php.
CVE-2010-1097 1 Dedecms 1 Dedecms 2024-11-21 N/A
include/userlogin.class.php in DeDeCMS 5.5 GBK, when session.auto_start is enabled, allows remote attackers to bypass authentication and gain administrative access via a value of 1 for the _SESSION[dede_admin_id] parameter, as demonstrated by a request to uploads/include/dialog/select_soft_post.php.
CVE-2009-3806 1 Dedecms 1 Dedecms 2024-11-21 N/A
SQL injection vulnerability in feedback_js.php in DedeCMS 5.1 allows remote attackers to execute arbitrary SQL commands via the arcurl parameter.
CVE-2009-2270 1 Dedecms 1 Dedecms 2024-11-21 N/A
Unrestricted file upload vulnerability in member/uploads_edit.php in dedecms 5.3 allows remote attackers to execute arbitrary code by uploading a file with a double extension in the filename, then accessing this file via unspecified vectors, as demonstrated by a .jpg.php filename.
CVE-2024-46372 1 Dedecms 1 Dedecms 2024-09-24 6.1 Medium
DedeCMS 5.7.115 is vulnerable to Cross Site Scripting (XSS) via the advertisement code box in the advertisement management module.
CVE-2024-46373 1 Dedecms 1 Dedecms 2024-09-20 8.8 High
Dedecms V5.7.115 contains an arbitrary code execution via file upload vulnerability in the backend.