9 matches found
EUVD-2023-36229
Malicious code in bioql PyPI...
Cross site scripting
DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via /dede/articleedit.php...
CVE-2024-28432
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/articleedit.php...
Cross site request forgery (csrf)
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/articleedit.php...
CVE-2024-28676
DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via /dede/articleedit.php...
CVE-2024-28432
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/articleedit.php...
CVE-2024-28432
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/articleedit.php...
CVE-2023-31940
SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the pageid parameter at articleedit.php...
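Dedecms <= V5.6 Final template execution vulnerability
Several files in Dedecms V5.6 Final contain a series of problems. Carefully crafted template content containing malicious code can be uploaded through the attachment upload feature of the user back end, and SQL injection can then be used to change the template path in the add-on table to the path of the uploaded template. The template parsing class, include/incarchivesview.php, places no restriction on the template path or name, so the malicious code is executed successfully. 1. member/articleedit.php (injection): // The vulnerability is widespread in the member folder. $dedeaddonfields is submitted by the user and can be forged; once forged, it is carried into the SQL statement, so the contents of the add-on table can be assigned with an update. … // Parse and process the add-on table...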