CVE-2025-14648
A security vulnerability has been detected in DedeBIZ up to 6.5.9. Affected by this vulnerability is an unknown functionality of the file /src/admin/catalog_add.php. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly...
CVE-2025-14648 DedeBIZ catalog_add.php command injection
A security vulnerability has been detected in DedeBIZ up to 6.5.9. Affected by this vulnerability is an unknown functionality of the file /src/admin/catalog_add.php. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly...
CVE-2025-14648
CVE-2025-14648 affects DedeBIZ up to 6.5.9. The vulnerability is in the file /src/admin/catalog_add.php, where manipulation leads to a remote command injection. Several sources confirm the attack can be launched remotely and that the exploit has been disclosed publicly. The Red Hat and EU ENISA ...
PT-2025-51152
Name of the Vulnerable Software and Affected Versions: DedeBIZ versions up to 6.5.9 Description: A security issue exists in DedeBIZ that allows for remote command injection. This is due to manipulation of a functionality within the file /src/admin/catalog_add.php. The exploit for this issue has bee...
CVE-2023-43275
Cross-Site Request Forgery (CSRF) vulnerability in DedeCMS v5.7 in 110 backend management interface via /catalogadd.php, allows attackers to create crafted web pages due to a lack of verification of the token value of the submitted form...
PT-2023-28756 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7 Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability in the backend management interface. This vulnerability allows attackers to create crafted web pages due to a lack of verification of the...
Desdev DedeCMS Cross-Site Request Forgery Vulnerability
Desdev DedeCMS (Dream Weaving Content Management System) is a PHP-based open-source content management system (CMS) from the Chinese company Zhuozhuo Network Desdev. The system has content publishing, content management, content editing and content retrieval functions. A cross-site request forgery...