7 matches found
CVE-2025-12927
CVE-2025-12927 affects DedeBIZ up to version 6.3.2. The vulnerability lies in the /admin/archives_add.php component where manipulation of the flags[] argument enables a remote SQL injection. The issue is caused by an unknown function handling flags[] and has publicly disclosed exploits. Multiple ...
CVE-2025-12861 DedeBIZ spec_add.php sql injection
A vulnerability was determined in DedeBIZ up to 6.3.2. Affected by this vulnerability is an unknown functionality of the file /admin/specadd.php. This manipulation of the argument flags causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclose...
CVE-2025-12860 DedeBIZ freelist_main.php sql injection
A vulnerability was found in DedeBIZ up to 6.3.2. Affected is an unknown function of the file /admin/freelistmain.php. The manipulation of the argument orderby results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...
CVE-2025-12860 DedeBIZ freelist_main.php sql injection
A vulnerability was found in DedeBIZ up to 6.3.2. Affected is an unknown function of the file /admin/freelistmain.php. The manipulation of the argument orderby results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...
EUVD-2025-38254
A vulnerability was found in DedeBIZ up to 6.3.2. Affected is an unknown function of the file /admin/freelistmain.php. The manipulation of the argument orderby results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...
CVE-2024-44716
A cross-site scripting XSS vulnerability in DedeBIZ v6.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2023-43232
A stored cross-site scripting XSS vulnerability in the Website column management function of DedeBIZ v6.2.11 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter...