Filtered by vendor Dedecms
Subscriptions
Total
160 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-2270 | 1 Dedecms | 1 Dedecms | 2025-04-09 | N/A |
| Unrestricted file upload vulnerability in member/uploads_edit.php in dedecms 5.3 allows remote attackers to execute arbitrary code by uploading a file with a double extension in the filename, then accessing this file via unspecified vectors, as demonstrated by a .jpg.php filename. | ||||
| CVE-2024-3685 | 1 Dedecms | 1 Dedecms | 2025-04-08 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in DedeCMS 5.7.112-UTF8. Affected is an unknown function of the file stepselect_main.php. The manipulation of the argument ids leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260472. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-3686 | 1 Dedecms | 1 Dedecms | 2025-04-08 | 4.3 Medium |
| A vulnerability has been found in DedeCMS 5.7.112-UTF8 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file update_guide.php. The manipulation of the argument files leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260473 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-4790 | 1 Dedecms | 1 Dedecms | 2025-04-04 | 4.3 Medium |
| A vulnerability classified as problematic has been found in DedeCMS 5.7.114. This affects an unknown part of the file /sys_verifies.php?action=view. The manipulation of the argument filename with the input ../../../../../etc/passwd leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263889 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-30946 | 1 Dedecms | 1 Dedecms | 2025-04-01 | 5.5 Medium |
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /src/dede/co_do.php. | ||||
| CVE-2024-30965 | 1 Dedecms | 1 Dedecms | 2025-04-01 | 8.8 High |
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /src/dede/member_scores.php. | ||||
| CVE-2024-29661 | 1 Dedecms | 1 Dedecms | 2025-04-01 | 9.8 Critical |
| A File Upload vulnerability in DedeCMS v5.7 allows a local attacker to execute arbitrary code via a crafted payload. | ||||
| CVE-2024-29660 | 1 Dedecms | 1 Dedecms | 2025-04-01 | 5.3 Medium |
| Cross Site Scripting vulnerability in DedeCMS v.5.7 allows a local attacker to execute arbitrary code via a crafted payload to the stepselect_main.php component. | ||||
| CVE-2024-33749 | 1 Dedecms | 1 Dedecms | 2025-04-01 | 9.1 Critical |
| DedeCMS V5.7.114 is vulnerable to deletion of any file via mail_file_manage.php. | ||||
| CVE-2024-34245 | 1 Dedecms | 1 Dedecms | 2025-04-01 | 6.5 Medium |
| An arbitrary file read vulnerability in DedeCMS v5.7.114 allows authenticated attackers to read arbitrary files by specifying any path in makehtml_js_action.php. | ||||
| CVE-2024-34959 | 1 Dedecms | 1 Dedecms | 2025-04-01 | 5.5 Medium |
| DedeCMS V5.7.113 is vulnerable to Cross Site Scripting (XSS) via sys_data_replace.php. | ||||
| CVE-2024-35375 | 1 Dedecms | 1 Dedecms | 2025-04-01 | 9.8 Critical |
| There is an arbitrary file upload vulnerability on the media add .php page in the backend of the website in version 5.7.114 of DedeCMS | ||||
| CVE-2024-35510 | 1 Dedecms | 1 Dedecms | 2025-04-01 | 9.8 Critical |
| An arbitrary file upload vulnerability in /dede/file_manage_control.php of DedeCMS v5.7.114 allows attackers to execute arbitrary code via uploading a crafted file. | ||||
| CVE-2024-57241 | 1 Dedecms | 1 Dedecms | 2025-04-01 | 6.5 Medium |
| Dedecms 5.71sp1 and earlier is vulnerable to URL redirect. In the web application, a logic error does not judge the input GET request resulting in URL redirection. | ||||
| CVE-2024-29684 | 1 Dedecms | 1 Dedecms | 2025-04-01 | 9.8 Critical |
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /src/dede/makehtml_homepage.php allowing a remote attacker to execute arbitrary code. | ||||
| CVE-2024-33371 | 1 Dedecms | 1 Dedecms | 2025-04-01 | 6.1 Medium |
| Cross Site Scripting vulnerability in DedeCMS v.5.7.113 allows a remote attacker to execute arbitrary code via the typeid parameter in the makehtml_list_action.php component. | ||||
| CVE-2024-33401 | 1 Dedecms | 1 Dedecms | 2025-04-01 | 4.4 Medium |
| Cross Site Scripting vulnerability in DedeCMS v.5.7.113 allows a remote attacker to run arbitrary code via the mnum parameter. | ||||
| CVE-2024-28678 | 1 Dedecms | 1 Dedecms | 2025-04-01 | 6.3 Medium |
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/article_description_main.php | ||||
| CVE-2024-28679 | 1 Dedecms | 1 Dedecms | 2025-04-01 | 6.1 Medium |
| DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via Photo Collection. | ||||
| CVE-2024-28680 | 1 Dedecms | 1 Dedecms | 2025-04-01 | 6.1 Medium |
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/diy_add.php. | ||||