3 matches found
DedeCMS Cross-Site Scripting Vulnerability (CNVD-2018-21787)
DedeCMS is a PHP-based web content management system (CMS). A cross-site scripting vulnerability exists in the 'GetPageList' function in the include/datalistcp.class.php file in DedeCMS version 5.7 SP2. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...
CVE-2018-18608
DedeCMS 5.7 SP2 allows XSS via the function named GetPageList defined in the include/datalistcp.class.php file that is used to display the page numbers list at the bottom of some templates, as demonstrated by the PATHINFO to /member/index.php, /member/pm.php, /member/contentlist.php, or...
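DedeCms V5.6 plus/advancedsearch.php Arbitrary SQL Statement Execution Vulnerability
The DedeCMS content management system uses core templates in an XML-namespace style: all templates are stored as files, which is a great convenience for users designing templates and for upgrading or migrating a site, and robust template tags give webmasters strong support for building their own sites. Efficient tag caching mechanism: similar tags can be cached, which helps improve system response speed and reduce resource consumption when generating HTML. Models and modules coexist: where models cannot meet all of a user's needs, DedeCMS provides interactive modules to supplement the system and meet users' needs as far as possible. In plus/advancedsearch.php the $sql variable is not initialized. This results in a marginal, hard-to-use vulnerability if$mid == 0 // must be bypassed, By: 俺是农村的...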