Lucene search
K

1693 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 11:58 a.m.8 views

CVE-2018-19061

DedeCMS 5.7 SP2 has SQL Injection via the dede\codo.php ids parameter...

9.8CVSS8.3AI score0.01759EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:39 a.m.11 views

CVE-2022-35516

DedeCMS v5.7.93 - v5.7.96 was discovered to contain a remote code execution vulnerability in login.php...

9.8CVSS8.3AI score0.01945EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:54 a.m.11 views

CVE-2020-23044

DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting XSS vulnerabilities in the component filepicview.php via the activepath, keyword, tag, fmdo=x, CKEditor and CKEditorFuncNum parameters...

5.4CVSS6.4AI score0.00562EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:36 a.m.17 views

CVE-2024-34959

DedeCMS V5.7.113 is vulnerable to Cross Site Scripting XSS via sysdatareplace.php...

5.5CVSS6AI score0.00283EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:35 a.m.9 views

CVE-2024-34245

An arbitrary file read vulnerability in DedeCMS v5.7.114 allows authenticated attackers to read arbitrary files by specifying any path in makehtmljsaction.php...

6.5CVSS6.6AI score0.00818EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:14 a.m.11 views

CVE-2024-2821

A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7. Affected by this issue is some unknown functionality of the file /src/dede/friendlinkedit.php. The manipulation of the argument id leads to cross-site request forgery. The attack may be launched remotely. The...

5CVSS6.7AI score0.00397EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:14 a.m.9 views

CVE-2024-2822

A vulnerability, which was classified as problematic, was found in DedeCMS 5.7. This affects an unknown part of the file /src/dede/voteedit.php. The manipulation of the argument aid leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed...

5CVSS6.7AI score0.0037EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:12 a.m.10 views

CVE-2024-2820

A vulnerability classified as problematic was found in DedeCMS 5.7. Affected by this vulnerability is an unknown functionality of the file /src/dede/baidunews.php. The manipulation of the argument filename leads to cross-site request forgery. The attack can be launched remotely. The exploit has...

5CVSS4.7AI score0.0039EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/30 1:2 a.m.7 views

CVE-2024-30855

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /src/dede/makehtmllistaction.php...

8.8CVSS7.3AI score0.00193EPSS
Exploits1References1
NVD
NVD
added 2025/12/29 8:15 p.m.5 views

CVE-2024-30855

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /src/dede/makehtmllistaction.php...

8.8CVSS0.00193EPSS
Exploits1References2
OSV
OSV
added 2025/12/29 8:15 p.m.3 views

CVE-2024-30855

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /src/dede/makehtmllistaction.php...

8.8CVSS5.8AI score0.00193EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/12/29 12:0 a.m.25 views

CVE-2024-30855

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /src/dede/makehtmllistaction.php...

0.00193EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/12/29 12:0 a.m.4 views

DesDev DedeCMS 安全漏洞

DesDev DedeCMS Dream Weaving Content Management System is a PHP-based open-source content management system CMS from China's Zhuozhuo DesDev. The system features content publishing, content management, content editing and content retrieval. DesDev DedeCMS v5.7 version of a security vulnerability ...

8.8CVSS5.7AI score0.00193EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/12/29 12:0 a.m.2 views

CVE-2024-30855

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /src/dede/makehtmllistaction.php...

6.9AI score0.00193EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/12/29 12:0 a.m.7 views

PT-2025-53785

Name of the Vulnerable Software and Affected Versions DedeCMS version 5.7 Description The software contains a Cross-Site Request Forgery CSRF issue. The vulnerability is located in the /src/dede/makehtml list action.php endpoint. A malicious actor can potentially cause a user to perform unintende...

8.8CVSS6.7AI score0.00193EPSS
Exploits1References9
CVE
CVE
added 2025/12/29 12:0 a.m.16 views

CVE-2024-30855

DedeCMS v5.7 is identified as affected by a Cross-Site Request Forgery (CSRF) vulnerability in the endpoint /src/dede/makehtml_list_action.php. The CVE record notes a high-severity issue (CVSS v3.1: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) with user interaction required, indicating potential impact t...

8.8CVSS6.9AI score0.00193EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/23 12:25 a.m.11 views

CVE-2025-15004

A vulnerability was identified in DedeCMS up to 5.7.118. This impacts an unknown function of the file /freelistmain.php. The manipulation of the argument orderby leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used...

8.8CVSS7.2AI score0.00302EPSS
Exploits1References1
OSV
OSV
added 2025/12/22 1:16 a.m.5 views

CVE-2025-15004

A vulnerability was identified in DedeCMS up to 5.7.118. This impacts an unknown function of the file /freelistmain.php. The manipulation of the argument orderby leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used...

8.8CVSS5.7AI score0.00302EPSS
Exploits1References4
EUVD
EUVD
added 2025/12/22 12:2 a.m.4 views

EUVD-2025-204680

A vulnerability was identified in DedeCMS up to 5.7.118. This impacts an unknown function of the file /freelistmain.php. The manipulation of the argument orderby leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used...

6.5CVSS6.7AI score0.00302EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/12/22 12:2 a.m.3 views

CVE-2025-15004 DedeCMS freelist_main.php sql injection

A vulnerability was identified in DedeCMS up to 5.7.118. This impacts an unknown function of the file /freelistmain.php. The manipulation of the argument orderby leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used...

6.5CVSS6.8AI score0.00302EPSS
Exploits1References4
Rows per page
Query Builder