Lucene search
K

7 matches found

CVE
CVE
added 2025/11/10 2:32 a.m.18 views

CVE-2025-12927

CVE-2025-12927 affects DedeBIZ up to version 6.3.2. The vulnerability lies in the /admin/archives_add.php component where manipulation of the flags[] argument enables a remote SQL injection. The issue is caused by an unknown function handling flags[] and has publicly disclosed exploits. Multiple ...

7.2CVSS6.7AI score0.00296EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2025/11/07 4:2 p.m.13 views

CVE-2025-12861 DedeBIZ spec_add.php sql injection

A vulnerability was determined in DedeBIZ up to 6.3.2. Affected by this vulnerability is an unknown functionality of the file /admin/specadd.php. This manipulation of the argument flags causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclose...

5.8CVSS0.00296EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/11/07 3:2 p.m.12 views

CVE-2025-12860 DedeBIZ freelist_main.php sql injection

A vulnerability was found in DedeBIZ up to 6.3.2. Affected is an unknown function of the file /admin/freelistmain.php. The manipulation of the argument orderby results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...

5.8CVSS0.00296EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/11/07 3:2 p.m.3 views

CVE-2025-12860 DedeBIZ freelist_main.php sql injection

A vulnerability was found in DedeBIZ up to 6.3.2. Affected is an unknown function of the file /admin/freelistmain.php. The manipulation of the argument orderby results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...

5.8CVSS6.7AI score0.00296EPSS
Exploits0References4
EUVD
EUVD
added 2025/11/07 3:2 p.m.4 views

EUVD-2025-38254

A vulnerability was found in DedeBIZ up to 6.3.2. Affected is an unknown function of the file /admin/freelistmain.php. The manipulation of the argument orderby results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...

5.8CVSS6.5AI score0.00296EPSS
Exploits0References5
OSV
OSV
added 2024/08/29 6:15 p.m.3 views

CVE-2024-44716

A cross-site scripting XSS vulnerability in DedeBIZ v6.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

6.1CVSS5.9AI score0.0027EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/09/27 3:19 p.m.10 views

CVE-2023-43232

A stored cross-site scripting XSS vulnerability in the Website column management function of DedeBIZ v6.2.11 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter...

5.4CVSS6.2AI score0.0033EPSS
Exploits0References4
Rows per page
Query Builder