CVE-2023-27733

DedeCMS v5.7.106 was discovered to contain a SQL injection vulnerability via the component /dede/syssqlquery.php...

CVE-2023-2424

A vulnerability was found in DedeCMS 5.7.106 and classified as critical. Affected by this issue is the function UpDateMemberModCache of the file uploads/dede/config.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the publi...

Desdev DedeCMS SQL注入漏洞

Desdev DedeCMS Dream Weaving Content Management System is a PHP-based open-source content management system CMS of China Zhuozhuo network Desdev company. The system has the functions of content publishing, content management, content editing and content retrieval. A security vulnerability exists ...

CVE-2023-27709

SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank parameter in the /dedestorycatalog.php endpoint...

PT-2023-21303 · Dedecms · Dedecms

Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7.106 Description: A SQL injection issue allows a remote attacker to execute arbitrary code via the rank parameter in the "/dede/group store.php" endpoint. Recommendations: For DedeCMS version 5.7.106, consider restricting...