Lucene search
K

114 matches found

OSV
OSV
added 2024/03/26 2:15 p.m.5 views

CVE-2024-29684

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery CSRF via the component /src/dede/makehtmlhomepage.php allowing a remote attacker to execute arbitrary code...

9.8CVSS6AI score0.00571EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/03/26 12:0 a.m.3 views

DedeCMS 安全漏洞

Desdev DedeCMS Dream Weaving Content Management System is a PHP-based open-source content management system CMS of China Zhuozhuo network Desdev company. The system has content publishing, content management, content editing and content retrieval functions. A security vulnerability exists in...

9.8CVSS6.6AI score0.00571EPSS
Exploits1References2
OSV
OSV
added 2024/03/13 4:15 p.m.4 views

CVE-2024-28671

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /dede/stepselectmain.php...

8.8CVSS5.8AI score0.00876EPSS
Exploits1References1
OSV
OSV
added 2024/03/13 4:15 p.m.3 views

CVE-2024-28682

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /dede/syscacheup.php...

6.3CVSS5.8AI score0.00233EPSS
Exploits1References1
OSV
OSV
added 2024/03/13 4:15 p.m.2 views

CVE-2024-28680

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /dede/diyadd.php...

6.1CVSS6.6AI score0.00482EPSS
Exploits1References1
OSV
OSV
added 2024/03/13 4:15 p.m.3 views

CVE-2024-28679

DedeCMS v5.7 was discovered to contain a cross-site scripting XSS vulnerability via Photo Collection...

6.1CVSS5.7AI score0.00472EPSS
Exploits1References1
OSV
OSV
added 2024/03/13 1:15 p.m.2 views

CVE-2024-28668

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via the component /dede/mychanneladd.php...

6.1CVSS6.5AI score0.00383EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/03/13 12:0 a.m.4 views

PT-2024-22519 · Dedecms · Dedecms

Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7 Description: A Cross-Site Request Forgery CSRF issue was found in DedeCMS via the component /dede/article description main.php. This allows an attacker to perform unintended actions on the website. Recommendations: For...

6.3CVSS6.8AI score0.00233EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/03/13 12:0 a.m.6 views

PT-2024-22432 · Dedecms · Dedecms

Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7 Description: A Cross-Site Request Forgery CSRF issue was found in the /dede/catalog del.php component. This allows for malicious requests to be made without the user's knowledge or consent. Recommendations: For DedeCMS...

8.8CVSS6.7AI score0.00332EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/03/13 12:0 a.m.3 views

PT-2024-22524 · Dedecms · Dedecms

Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7 Description: A Cross-Site Request Forgery CSRF issue was found in DedeCMS. The vulnerability can be exploited via the /dede/sys cache up.php API endpoint. Recommendations: For DedeCMS version 5.7, as a temporary workaround...

6.3CVSS6.8AI score0.00233EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/03/13 12:0 a.m.4 views

PT-2024-22516 · Dedecms · Dedecms

Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7 Description: A Cross-Site Request Forgery CSRF issue was found in DedeCMS via the "/dede/diy edit.php" API endpoint. Recommendations: For DedeCMS version 5.7, update to a newer version that contains a fix for this issue...

8.8CVSS7AI score0.00316EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/03/13 12:0 a.m.4 views

Desdev DedeCMS Security Breach

Desdev DedeCMS Dream Weaving Content Management System is a PHP-based open-source content management system CMS of China Zhuozhuo network Desdev company. The system has the functions of content publishing, content management, content editing and content retrieval. A security vulnerability exists ...

6.3CVSS6.8AI score0.00233EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/03/13 12:0 a.m.3 views

PT-2024-22522 · Dedecms · Dedecms

Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7 Description: A Cross-Site Request Forgery CSRF issue was found in DedeCMS. The vulnerability can be exploited via the "/dede/diy add.php" API endpoint. Recommendations: For DedeCMS version 5.7, update to a version that...

6.1CVSS7AI score0.00482EPSS
Exploits1References5
Prion
Prion
added 2024/01/22 3:15 p.m.15 views

Design/Logic Flaw

DedeCMS 5.7.112 has a File Upload vulnerability via uploads/dede/moduleupload.php...

6.5CVSS7.2AI score0.00767EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2024/01/22 12:0 a.m.5 views

Desdev DedeCMS Security Breach

Desdev DedeCMS Dream Weaving Content Management System is a PHP-based open-source content management system CMS of China Zhuozhuo network Desdev company. The system features content publishing, content management, content editing and content retrieval. A security vulnerability exists in DedeCMS...

8.8CVSS6.8AI score0.00767EPSS
Exploits1References2
OSV
OSV
added 2023/12/11 9:15 p.m.5 views

CVE-2023-49494

DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting XSS vulnerability via the component selectmediapostwangEditor.php...

6.1CVSS5.5AI score0.01176EPSS
Exploits1References2
OSV
OSV
added 2023/12/07 4:15 p.m.5 views

CVE-2023-49492

DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting XSS vulnerability via the imgstick parameter at selectimages.php...

6.1CVSS5.7AI score0.00431EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/12/07 12:0 a.m.6 views

Desdev DedeCMS Security Breach

Desdev DedeCMS Dream Weaving Content Management System is a PHP-based open-source content management system CMS of China Zhuozhuo network Desdev company. The system has the functions of content publishing, content management, content editing and content retrieval. A security vulnerability exists ...

6.1CVSS6.3AI score0.00427EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEV
added 2023/11/13 12:0 a.m.5 views

VulnCheck KEV: CVE-2018-7700

DedeCMS 5.7 has CSRF with an impact of arbitrary code execution, because the partcode parameter in a tagtestaction.php request can specify a runphp field in conjunction with PHP code...

8.8CVSS7.4AI score0.74842EPSS
Exploits1References1
OSV
OSV
added 2023/09/30 11:15 a.m.6 views

CVE-2023-5301

A vulnerability classified as critical was found in DedeCMS 5.7.111. This vulnerability affects the function AddMyAddon of the file albumadd.php. The manipulation of the argument albumUploadFiles leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed t...

8.8CVSS5.5AI score0.06187EPSS
Exploits1References3
Rows per page
Query Builder