6 matches found
CVE-2024-29661
A File Upload vulnerability in DedeCMS v5.7 allows a local attacker to execute arbitrary code via a crafted payload...
CVE-2024-28679
DedeCMS v5.7 was discovered to contain a cross-site scripting XSS vulnerability via Photo Collection...
CVE-2024-34245
An arbitrary file read vulnerability in DedeCMS v5.7.114 allows authenticated attackers to read arbitrary files by specifying any path in makehtmljsaction.php...
PT-2024-27184 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7.112-UTF8 Description: A vulnerability has been found in DedeCMS, affecting an unknown functionality of the file update guide.php. The manipulation of the argument files leads to path traversal: '../filedir'. The attack can...
CVE-2024-30946
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /src/dede/codo.php...
CVE-2023-49493
DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting XSS vulnerability via the v parameter at selectimages.php...