
9 matches found

Positive Technologies
added 2023/12/11 12:0 a.m. · 2 views

PT-2023-31247 · Dedecms · Dedecms

Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7.111. Description: A reflective cross-site scripting (XSS) issue was discovered in DedeCMS via the component select media post wangEditor.php. This allows for potential XSS attacks. Recommendations: For DedeCMS version 5.7.111...

CVSS 6.1 · AI score 5.9 · EPSS 0.024
Exploits: 1 · References: 7

Positive Technologies
added 2023/12/07 12:0 a.m. · 1 views

PT-2023-31245 · Dedecms · Dedecms

Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7.111. Description: A reflective cross-site scripting (XSS) issue was discovered in DedeCMS. The vulnerability is exploited via the imgstick parameter at the "selectimages.php" endpoint. This allows for malicious scripts to be...

CVSS 6.1 · AI score 6 · EPSS 0.00173
Exploits: 1 · References: 7

Positive Technologies
added 2023/10/05 12:0 a.m. · 1 views

PT-2023-32032 · Dedecms · Dedecms

Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7.111. Description: A critical issue has been found in DedeCMS, affecting an unknown function of the file baidunews.php. The manipulation leads to unrestricted upload. Recommendations: For DedeCMS version 5.7.111, consider...

AI score 6.5
Exploits: 0 · References: 3

CVE
added 2023/09/30 10:31 a.m. · 59 views

CVE-2023-5301

CVE-2023-5301 affects DedeCMS 5.7.111, where the AddMyAddon function in album_add.php is vulnerable due to improper handling of the albumUploadFiles parameter, enabling OS command injection. The vulnerability is exploitable remotely and, per multiple sources, can lead to arbitrary command executi...

CVSS 8.8 · AI score 6.3 · EPSS 0.00594
Exploits: 1 · References: 3 · Affected Software: 1

Vulnrichment
added 2023/09/30 10:31 a.m. · 11 views

CVE-2023-5301 DedeCMS album_add.php AddMyAddon os command injection

A vulnerability classified as critical was found in DedeCMS 5.7.111. This vulnerability affects the function AddMyAddon of the file album_add.php. The manipulation of the argument albumUploadFiles leads to OS command injection. The attack can be initiated remotely. The exploit has been disclosed t...

CVSS 5.8 · AI score 7.5 · EPSS 0.00594
Exploits: 1 · References: 3

Cvelist
added 2023/09/30 10:31 a.m. · 20 views

CVE-2023-5301 DedeCMS album_add.php AddMyAddon os command injection

A vulnerability classified as critical was found in DedeCMS 5.7.111. This vulnerability affects the function AddMyAddon of the file album_add.php. The manipulation of the argument albumUploadFiles leads to OS command injection. The attack can be initiated remotely. The exploit has been disclosed t...

CVSS 5.8 · AI score 9.3 · EPSS 0.00594
Exploits: 1 · References: 3

Positive Technologies
added 2023/09/30 12:0 a.m. · 2 views

PT-2023-32021 · Dedecms · Dedecms

Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7.111. Description: A critical vulnerability was found in DedeCMS, affecting the AddMyAddon function of the album_add.php file. The manipulation of the albumUploadFiles argument leads to OS command injection. The attack can b...

CVSS 8.8 · AI score 7.5 · EPSS 0.00594
Exploits: 1 · References: 8

ATTACKERKB
added 2023/09/28 8:15 p.m. · 2 views

CVE-2023-43226

An arbitrary file upload vulnerability in dede/baidunews.php in DedeCMS 5.7.111 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file...

CVSS 8.8 · AI score 7.6 · EPSS 0.00156
Exploits: 1 · References: 2

CNNVD
added 2023/09/28 12:0 a.m. · 1 views

DedeCMS Code Issues Vulnerabilities

Desdev DedeCMS (Dream Weaving Content Management System) is a PHP-based open-source content management system (CMS) from the Chinese company Desdev (Zhuozhuo Network). The system provides content publishing, content management, content editing and content retrieval functions. A code issue vulnerability exists in...

CVSS 8.8 · AI score 7.7 · EPSS 0.00156
Exploits: 1 · References: 2