Lucene search
K

1689 matches found

EUVD
EUVD
added 2026/06/02 6:0 p.m.13 views

EUVD-2026-33997

A security flaw has been discovered in DedeCMS 5.7.88. This affects the function RemoveXSS of the file /plus/carbuyaction.php. The manipulation of the argument postname/des results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used f...

7.5CVSS6.9AI score0.00308EPSS
Exploits0References4
CVE
CVE
added 2026/06/02 6:0 p.m.15 views

CVE-2026-10608

This CVE affects DedeCMS 5.7.88 and the vulnerable component is the function RemoveXSS in the file /plus/carbuyaction.php . The root cause is described as manipulation of the arguments postname/des leading to an SQL injection vulnerability. The impact is described as enabling remote exploitation ...

7.5CVSS6.9AI score0.00308EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/02 5:45 p.m.9 views

EUVD-2026-33995

A vulnerability was identified in DedeCMS 5.7.88. The impacted element is the function dedehtmlspecialchars of the file /plus/flink.php. The manipulation of the argument msg leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used...

7.5CVSS7AI score0.00313EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/02 5:45 p.m.11 views

CVE-2026-10607 DedeCMS flink.php dede_htmlspecialchars sql injection

A vulnerability was identified in DedeCMS 5.7.88. The impacted element is the function dedehtmlspecialchars of the file /plus/flink.php. The manipulation of the argument msg leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used...

7.5CVSS7AI score0.00313EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/02 5:45 p.m.33 views

CVE-2026-10607 DedeCMS flink.php dede_htmlspecialchars sql injection

A vulnerability was identified in DedeCMS 5.7.88. The impacted element is the function dedehtmlspecialchars of the file /plus/flink.php. The manipulation of the argument msg leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used...

7.5CVSS0.00313EPSS
Exploits0References4
CVE
CVE
added 2026/06/02 5:45 p.m.29 views

CVE-2026-10607

The vulnerability CVE-2026-10607 affects DedeCMS 5.7.88. The issue resides in the function dede_htmlspecialchars in /plus/flink.php, where manipulation of the msg argument leads to an SQL injection. Attacks can be remote, and exploitation is publicly available. Impact is described as potentially ...

7.5CVSS7AI score0.00313EPSS
Exploits0References4
NVD
NVD
added 2026/06/02 5:16 p.m.22 views

CVE-2026-10606

A vulnerability was determined in DedeCMS 5.7.88. The affected element is the function TrimMsg of the file /plus/feedback.php of the component Feedback Handler. Executing a manipulation of the argument msg can lead to sql injection. The attack can be launched remotely. The exploit has been public...

7.5CVSS0.00254EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/02 4:30 p.m.39 views

CVE-2026-10606 DedeCMS Feedback feedback.php TrimMsg sql injection

A vulnerability was determined in DedeCMS 5.7.88. The affected element is the function TrimMsg of the file /plus/feedback.php of the component Feedback Handler. Executing a manipulation of the argument msg can lead to sql injection. The attack can be launched remotely. The exploit has been public...

7.5CVSS0.00254EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/02 4:30 p.m.10 views

CVE-2026-10606

A vulnerability was determined in DedeCMS 5.7.88. The affected element is the function TrimMsg of the file /plus/feedback.php of the component Feedback Handler. Executing a manipulation of the argument msg can lead to sql injection. The attack can be launched remotely. The exploit has been public...

7.5CVSS6.9AI score0.00254EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/02 4:30 p.m.13 views

EUVD-2026-33981

A vulnerability was determined in DedeCMS 5.7.88. The affected element is the function TrimMsg of the file /plus/feedback.php of the component Feedback Handler. Executing a manipulation of the argument msg can lead to sql injection. The attack can be launched remotely. The exploit has been public...

7.5CVSS5.7AI score0.00254EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/02 4:30 p.m.14 views

CVE-2026-10606 DedeCMS Feedback feedback.php TrimMsg sql injection

A vulnerability was determined in DedeCMS 5.7.88. The affected element is the function TrimMsg of the file /plus/feedback.php of the component Feedback Handler. Executing a manipulation of the argument msg can lead to sql injection. The attack can be launched remotely. The exploit has been public...

7.5CVSS6.9AI score0.00254EPSS
Exploits0References4
CVE
CVE
added 2026/06/02 4:30 p.m.19 views

CVE-2026-10606

CVE-2026-10606 affects DedeCMS 5.7.88, specifically the TrimMsg function in /plus/feedback.php (Feedback Handler). Manipulating the msg argument can cause a SQL injection. The issue is exploitable remotely with publicly disclosed exploit material; CVSS metrics indicate network access, low attack ...

7.5CVSS6.9AI score0.00254EPSS
Exploits0References4
NVD
NVD
added 2026/06/02 4:17 a.m.21 views

CVE-2026-10581

A flaw has been found in DedeCMS 5.7.88. Affected by this vulnerability is the function base64decode of the file /plus/download.php?open=1. This manipulation of the argument Link causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been published and...

6.5CVSS0.00201EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/02 2:30 a.m.9 views

CVE-2026-10581

A flaw has been found in DedeCMS 5.7.88. Affected by this vulnerability is the function base64decode of the file /plus/download.php?open=1. This manipulation of the argument Link causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been published and...

6.5CVSS6.3AI score0.00201EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/02 2:30 a.m.47 views

CVE-2026-10581 DedeCMS download.php base64_decode server-side request forgery

A flaw has been found in DedeCMS 5.7.88. Affected by this vulnerability is the function base64decode of the file /plus/download.php?open=1. This manipulation of the argument Link causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been published and...

6.5CVSS0.00201EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/02 2:30 a.m.13 views

CVE-2026-10581 DedeCMS download.php base64_decode server-side request forgery

A flaw has been found in DedeCMS 5.7.88. Affected by this vulnerability is the function base64decode of the file /plus/download.php?open=1. This manipulation of the argument Link causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been published and...

6.5CVSS6.3AI score0.00201EPSS
Exploits0References4
CVE
CVE
added 2026/06/02 2:30 a.m.27 views

CVE-2026-10581

CVE-2026-10581 affects DedeCMS 5.7.88. The vulnerability lies in the function base64_decode in /plus/download.php?open=1, where manipulation of the Link argument triggers a server-side request forgery (SSRF). Remote exploitation is possible, and the exploit has been published. The available docum...

6.5CVSS6.3AI score0.00201EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.11 views

PT-2026-45819

Name of the Vulnerable Software and Affected Versions DedeCMS version 5.7.88 Description A security flaw exists in the RemoveXSS function within the '/plus/carbuyaction.php' file. Remote attackers can perform SQL injection, which is a technique used to manipulate a database by inserting malicious...

7.5CVSS7.4AI score0.00308EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.8 views

DesDev DedeCMS SQL注入漏洞

DesDev DedeCMS is an open-source content management system CMS developed by DesDev Corporation, based on PHP. This system offers functions such as content publishing, content management, content editing, and content retrieval. Version 5.7.88 of DesDev DedeCMS contains a SQL injection vulnerabilit...

7.5CVSS5.6AI score0.00313EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.17 views

PT-2026-45690

A flaw has been found in DedeCMS 5.7.88. Affected by this vulnerability is the function base64 decode of the file /plus/download.php?open=1. This manipulation of the argument Link causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been published and...

6.5CVSS6.3AI score0.00201EPSS
Exploits0References5
Rows per page
Query Builder