CVE-2023-27733

DedeCMS v5.7.106 was discovered to contain a SQL injection vulnerability via the component /dede/syssqlquery.php...

CVE-2023-2928

CVE-2023-2928 affects DedeCMS up to version 5.7.106. The vulnerability lies in the uploads/dede/article_allowurl_edit.php functionality where manipulating the allurls parameter leads to code injection. Impact is remote, and public exploits have been disclosed. Mitigation from connected documents ...

CVE-2023-2424

A vulnerability was found in DedeCMS 5.7.106 and classified as critical. Affected by this issue is the function UpDateMemberModCache of the file uploads/dede/config.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the publi...

Out-of-bounds

A vulnerability was found in DedeCMS 5.7.106 and classified as critical. Affected by this issue is the function UpDateMemberModCache of the file uploads/dede/config.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the publi...

CVE-2023-2424 DedeCMS config.php UpDateMemberModCache unrestricted upload

A vulnerability was found in DedeCMS 5.7.106 and classified as critical. Affected by this issue is the function UpDateMemberModCache of the file uploads/dede/config.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the publi...

Desdev DedeCMS SQL注入漏洞

Desdev DedeCMS Dream Weaving Content Management System is a PHP-based open-source content management system CMS of China Zhuozhuo network Desdev company. The system has the functions of content publishing, content management, content editing and content retrieval. A security vulnerability exists ...

CVE-2023-27709

SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank parameter in the /dedestorycatalog.php endpoint...

Sql injection

SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank parameter in the /dedestorycatalog.php endpoint...

CVE-2023-27709

SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank parameter in the /dedestorycatalog.php endpoint...

PT-2023-21303 · Dedecms · Dedecms

Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7.106 Description: A SQL injection issue allows a remote attacker to execute arbitrary code via the rank parameter in the "/dede/group store.php" endpoint. Recommendations: For DedeCMS version 5.7.106, consider restricting...