PT-2023-31247 · Dedecms · Dedecms

Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7.111 Description: A reflective cross-site scripting XSS issue was discovered in DedeCMS via the component select media post wangEditor.php. This allows for potential XSS attacks. Recommendations: For DedeCMS version 5.7.111...

PT-2023-31245 · Dedecms · Dedecms

Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7.111 Description: A reflective cross-site scripting XSS issue was discovered in DedeCMS. The vulnerability is exploited via the imgstick parameter at the "selectimages.php" endpoint. This allows for malicious scripts to be...

PT-2023-32032 · Dedecms · Dedecms

Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7.111 Description: A critical issue has been found in DedeCMS, affecting an unknown function of the file baidunews.php. The manipulation leads to unrestricted upload. Recommendations: For DedeCMS version 5.7.111, consider...

PT-2023-32021 · Dedecms · Dedecms

Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7.111 Description: A critical vulnerability was found in DedeCMS, affecting the AddMyAddon function of the album add.php file. The manipulation of the albumUploadFiles argument leads to os command injection. The attack can b...

CVE-2023-43226

An arbitrary file upload vulnerability in dede/baidunews.php in DedeCMS 5.7.111 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file...

DedeCMS Code Issues Vulnerabilities

Desdev DedeCMS Dream Weaving Content Management System is a PHP-based open-source content management system CMS of China Zhuozhuo network Desdev company. The system has content publishing, content management, content editing and content retrieval functions. A code issue vulnerability exists in...