1693 matches found
CVE-2018-19061
DedeCMS 5.7 SP2 has SQL Injection via the dede\codo.php ids parameter...
CVE-2022-35516
DedeCMS v5.7.93 - v5.7.96 was discovered to contain a remote code execution vulnerability in login.php...
CVE-2020-23044
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting XSS vulnerabilities in the component filepicview.php via the activepath, keyword, tag, fmdo=x, CKEditor and CKEditorFuncNum parameters...
CVE-2024-34959
DedeCMS V5.7.113 is vulnerable to Cross Site Scripting XSS via sysdatareplace.php...
CVE-2024-34245
An arbitrary file read vulnerability in DedeCMS v5.7.114 allows authenticated attackers to read arbitrary files by specifying any path in makehtmljsaction.php...
CVE-2024-2821
A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7. Affected by this issue is some unknown functionality of the file /src/dede/friendlinkedit.php. The manipulation of the argument id leads to cross-site request forgery. The attack may be launched remotely. The...
CVE-2024-2822
A vulnerability, which was classified as problematic, was found in DedeCMS 5.7. This affects an unknown part of the file /src/dede/voteedit.php. The manipulation of the argument aid leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed...
CVE-2024-2820
A vulnerability classified as problematic was found in DedeCMS 5.7. Affected by this vulnerability is an unknown functionality of the file /src/dede/baidunews.php. The manipulation of the argument filename leads to cross-site request forgery. The attack can be launched remotely. The exploit has...
CVE-2024-30855
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /src/dede/makehtmllistaction.php...
CVE-2024-30855
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /src/dede/makehtmllistaction.php...
CVE-2024-30855
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /src/dede/makehtmllistaction.php...
CVE-2024-30855
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /src/dede/makehtmllistaction.php...
DesDev DedeCMS 安全漏洞
DesDev DedeCMS Dream Weaving Content Management System is a PHP-based open-source content management system CMS from China's Zhuozhuo DesDev. The system features content publishing, content management, content editing and content retrieval. DesDev DedeCMS v5.7 version of a security vulnerability ...
CVE-2024-30855
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /src/dede/makehtmllistaction.php...
PT-2025-53785
Name of the Vulnerable Software and Affected Versions DedeCMS version 5.7 Description The software contains a Cross-Site Request Forgery CSRF issue. The vulnerability is located in the /src/dede/makehtml list action.php endpoint. A malicious actor can potentially cause a user to perform unintende...
CVE-2024-30855
DedeCMS v5.7 is identified as affected by a Cross-Site Request Forgery (CSRF) vulnerability in the endpoint /src/dede/makehtml_list_action.php. The CVE record notes a high-severity issue (CVSS v3.1: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) with user interaction required, indicating potential impact t...
CVE-2025-15004
A vulnerability was identified in DedeCMS up to 5.7.118. This impacts an unknown function of the file /freelistmain.php. The manipulation of the argument orderby leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used...
CVE-2025-15004
A vulnerability was identified in DedeCMS up to 5.7.118. This impacts an unknown function of the file /freelistmain.php. The manipulation of the argument orderby leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used...
EUVD-2025-204680
A vulnerability was identified in DedeCMS up to 5.7.118. This impacts an unknown function of the file /freelistmain.php. The manipulation of the argument orderby leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used...
CVE-2025-15004 DedeCMS freelist_main.php sql injection
A vulnerability was identified in DedeCMS up to 5.7.118. This impacts an unknown function of the file /freelistmain.php. The manipulation of the argument orderby leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used...