114 matches found
CVE-2024-29684
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery CSRF via the component /src/dede/makehtmlhomepage.php allowing a remote attacker to execute arbitrary code...
DedeCMS 安全漏洞
Desdev DedeCMS Dream Weaving Content Management System is a PHP-based open-source content management system CMS of China Zhuozhuo network Desdev company. The system has content publishing, content management, content editing and content retrieval functions. A security vulnerability exists in...
CVE-2024-28671
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /dede/stepselectmain.php...
CVE-2024-28682
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /dede/syscacheup.php...
CVE-2024-28680
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /dede/diyadd.php...
CVE-2024-28679
DedeCMS v5.7 was discovered to contain a cross-site scripting XSS vulnerability via Photo Collection...
CVE-2024-28668
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via the component /dede/mychanneladd.php...
PT-2024-22519 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7 Description: A Cross-Site Request Forgery CSRF issue was found in DedeCMS via the component /dede/article description main.php. This allows an attacker to perform unintended actions on the website. Recommendations: For...
PT-2024-22432 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7 Description: A Cross-Site Request Forgery CSRF issue was found in the /dede/catalog del.php component. This allows for malicious requests to be made without the user's knowledge or consent. Recommendations: For DedeCMS...
PT-2024-22524 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7 Description: A Cross-Site Request Forgery CSRF issue was found in DedeCMS. The vulnerability can be exploited via the /dede/sys cache up.php API endpoint. Recommendations: For DedeCMS version 5.7, as a temporary workaround...
PT-2024-22516 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7 Description: A Cross-Site Request Forgery CSRF issue was found in DedeCMS via the "/dede/diy edit.php" API endpoint. Recommendations: For DedeCMS version 5.7, update to a newer version that contains a fix for this issue...
Desdev DedeCMS Security Breach
Desdev DedeCMS Dream Weaving Content Management System is a PHP-based open-source content management system CMS of China Zhuozhuo network Desdev company. The system has the functions of content publishing, content management, content editing and content retrieval. A security vulnerability exists ...
PT-2024-22522 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7 Description: A Cross-Site Request Forgery CSRF issue was found in DedeCMS. The vulnerability can be exploited via the "/dede/diy add.php" API endpoint. Recommendations: For DedeCMS version 5.7, update to a version that...
Design/Logic Flaw
DedeCMS 5.7.112 has a File Upload vulnerability via uploads/dede/moduleupload.php...
Desdev DedeCMS Security Breach
Desdev DedeCMS Dream Weaving Content Management System is a PHP-based open-source content management system CMS of China Zhuozhuo network Desdev company. The system features content publishing, content management, content editing and content retrieval. A security vulnerability exists in DedeCMS...
CVE-2023-49494
DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting XSS vulnerability via the component selectmediapostwangEditor.php...
CVE-2023-49492
DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting XSS vulnerability via the imgstick parameter at selectimages.php...
Desdev DedeCMS Security Breach
Desdev DedeCMS Dream Weaving Content Management System is a PHP-based open-source content management system CMS of China Zhuozhuo network Desdev company. The system has the functions of content publishing, content management, content editing and content retrieval. A security vulnerability exists ...
VulnCheck KEV: CVE-2018-7700
DedeCMS 5.7 has CSRF with an impact of arbitrary code execution, because the partcode parameter in a tagtestaction.php request can specify a runphp field in conjunction with PHP code...
CVE-2023-5301
A vulnerability classified as critical was found in DedeCMS 5.7.111. This vulnerability affects the function AddMyAddon of the file albumadd.php. The manipulation of the argument albumUploadFiles leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed t...