Dedecms Security Vulnerabilities

CVE-2024-22895

DedeCMS 5.7.112 has a File Upload vulnerability via...

CVE-2023-7212

A vulnerability classified as critical has been found in DeDeCMS up to 5.7.112. Affected is an unknown function of the file file_class.php of the component Backend. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the...

CVE-2023-49494

DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component...

CVE-2023-49492

DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the imgstick parameter at...

CVE-2023-49493

DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the v parameter at...

CVE-2023-43275

Cross-Site Request Forgery (CSRF) vulnerability in DedeCMS v5.7 in 110 backend management interface via /catalog_add.php, allows attackers to create crafted web pages due to a lack of verification of the token value of the submitted...

CVE-2023-48068

DedeCMS v6.2 was discovered to contain a Cross-site Scripting (XSS) vulnerability via...

CVE-2023-5301

A vulnerability classified as critical was found in DedeCMS 5.7.111. This vulnerability affects the function AddMyAddon of the file album_add.php. The manipulation of the argument albumUploadFiles leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed...

CVE-2023-43226

An arbitrary file upload vulnerability in dede/baidunews.php in DedeCMS 5.7.111 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP...

CVE-2023-5022

A vulnerability has been found in DedeCMS up to 5.7.100 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /include/dialog/select_templets_post.php. The manipulation of the argument activepath leads to absolute path traversal. The associated...

CVE-2023-40784

DedeCMS 5.7.102 has a File Upload vulnerability via...

CVE-2023-4747

A vulnerability classified as critical was found in DedeCMS 5.7.110. This vulnerability affects unknown code of the file /uploads/tags.php. The manipulation of the argument tag_alias leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may.....

CVE-2023-40874

DedeCMS up to and including 5.7.110 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/vote_add.php via the votename and voteitem1...

CVE-2023-40877

DedeCMS up to and including 5.7.110 was discovered to contain a cross-site scripting (XSS) vulnerability at /dede/freelist_edit.php via the title...

CVE-2023-40875

DedeCMS up to and including 5.7.110 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/vote_edit.php via the votename and votenote...

CVE-2023-40876

DedeCMS up to and including 5.7.110 was discovered to contain a cross-site scripting (XSS) vulnerability at /dede/freelist_add.php via the title...

CVE-2023-36298

DedeCMS v5.7.109 has a File Upload vulnerability, leading to remote code execution...

CVE-2023-34842

Remote Code Execution vulnerability in DedeCMS through 5.7.109 allows remote attackers to run arbitrary code via crafted POST request to...

CVE-2023-37839

An arbitrary file upload vulnerability in /dede/file_manage_control.php of DedeCMS v5.7.109 allows attackers to execute arbitrary code via uploading a crafted PHP...

CVE-2023-3578

A vulnerability classified as critical was found in DedeCMS 5.7.109. Affected by this vulnerability is an unknown functionality of the file co_do.php. The manipulation of the argument rssurl leads to server-side request forgery. The exploit has been disclosed to the public and may be used. The...

CVE-2023-2928

A vulnerability was found in DedeCMS up to 5.7.106. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file uploads/dede/article_allowurl_edit.php. The manipulation of the argument allurls leads to code injection. The attack can be launched...

CVE-2023-31757

DedeCMS up to v5.7.108 is vulnerable to XSS in sys_info.php via parameters 'editcfgpowerby' and...

CVE-2023-2424

A vulnerability was found in DedeCMS 5.7.106 and classified as critical. Affected by this issue is the function UpDateMemberModCache of the file uploads/dede/config.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public....

CVE-2023-30380

An issue in the component /dialog/select_media.php of DedeCMS v5.7.107 allows attackers to execute a directory...

CVE-2023-27733

DedeCMS v5.7.106 was discovered to contain a SQL injection vulnerability via the component...

CVE-2023-2059

A vulnerability was found in DedeCMS 5.7.87. It has been rated as problematic. Affected by this issue is some unknown functionality of the file uploads/include/dialog/select_templets.php. The manipulation leads to path traversal: '..\filedir'. The attack may be launched remotely. The exploit has...

CVE-2023-2056

A vulnerability was found in DedeCMS up to 5.7.87 and classified as critical. This issue affects the function GetSystemFile of the file module_main.php. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The....

CVE-2023-27707

SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank_* parameter in the /dede/group_store.php...

CVE-2023-27709

SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank_* parameter in the /dedestory_catalog.php...

CVE-2022-48140

DedeCMS v5.7.97 was discovered to contain a cross-site scripting (XSS) vulnerability in the component...

CVE-2022-46442

dedecms <=V5.7.102 is vulnerable to SQL Injection. In sys_ sql_ n query.php there are no restrictions on the sql...

CVE-2022-43192

An arbitrary file upload vulnerability in the component /dede/file_manage_control.php of Dedecms v5.7.101 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is related to an incomplete fix for...

CVE-2022-43031

DedeCMS v6.1.9 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add Administrator accounts and modify Admin...

CVE-2022-40921

DedeCMS V5.7.99 was discovered to contain an arbitrary file upload vulnerability via the component...

CVE-2022-40886

DedeCMS 5.7.98 has a file upload vulnerability in the...

CVE-2022-36583

DedeCMS V5.7.97 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/co_do.php via the dopost, rpok, and aid...

CVE-2022-35516

DedeCMS v5.7.93 - v5.7.96 was discovered to contain a remote code execution vulnerability in...

CVE-2022-36216

DedeCMS v5.7.94 - v5.7.97 was discovered to contain a remote code execution vulnerability in...

CVE-2022-34531

DedeCMS v5.7.95 was discovered to contain a remote code execution (RCE) vulnerability via the component mytag_...

CVE-2022-30508

DedeCMS v5.7.93 was discovered to contain arbitrary file deletion vulnerability in upload.php via the delete...

CVE-2022-23337

DedeCMS v5.7.87 was discovered to contain a SQL injection vulnerability in article_coonepage_rule.php via the ids...

CVE-2020-36493

DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component media_main.php via the activepath, keyword, tag, fmdo=x&filename, CKEditor and CKEditorFuncNum...

CVE-2020-36494

DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component mychannel_edit.php via the filename, mid, userid, and `templet'...

CVE-2020-36495

DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_view.php via the filename, mid, userid, and `templet'...

CVE-2020-36491

DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tags_main.php via the activepath, keyword, tag, fmdo=x&filename, CKEditor and CKEditorFuncNum...

CVE-2020-36492

DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component select_media.php via the activepath, keyword, tag, fmdo=x&filename, CKEditor and CKEditorFuncNum...

CVE-2020-36497

DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component makehtml_homepage.php via the filename, mid, userid, and `templet'...

CVE-2020-23044

DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_pic_view.php via the activepath, keyword, tag, fmdo=x&filename, CKEditor and CKEditorFuncNum...

CVE-2020-36490

DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_view.php via the activepath, keyword, tag, fmdo=x&filename, CKEditor and CKEditorFuncNum...

CVE-2020-36496

DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component sys_admin_user_edit.php via the filename, mid, userid, and `templet'...