Lucene search
K

114 matches found

Cvelist
Cvelist
added 2023/09/28 12:0 a.m.31 views

CVE-2023-43226

An arbitrary file upload vulnerability in dede/baidunews.php in DedeCMS 5.7.111 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file...

9.1AI score0.00858EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2023/09/27 3:19 p.m.10 views

CVE-2023-43232

A stored cross-site scripting XSS vulnerability in the Website column management function of DedeBIZ v6.2.11 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter...

5.4CVSS6.2AI score0.0033EPSS
Exploits0References4
NVD
NVD
added 2023/09/12 3:15 p.m.16 views

CVE-2023-40784

DedeCMS 5.7.102 has a File Upload vulnerability via uploads/dede/modulemake.php...

9.8CVSS9.5AI score0.00561EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/09/12 12:0 a.m.11 views

CVE-2023-40784

DedeCMS 5.7.102 has a File Upload vulnerability via uploads/dede/modulemake.php...

7AI score0.00561EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/09/12 12:0 a.m.6 views

PT-2023-27636 · Dedecms · Dedecms

Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7.102 Description: The issue concerns a File Upload vulnerability. It is exploitable via the uploads/dede/module make.php endpoint. Recommendations: For DedeCMS version 5.7.102, consider restricting access to the...

9.8CVSS6.7AI score0.00561EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2023/09/07 12:0 a.m.8 views

The vulnerability of the file_pic_view.php component in the DedeCMS content management system, related to the lack of protective measures for website structures, allows attackers to carry out XSS attacks.

The vulnerability of the filepicview.php component in the DedeCMS content management system is related to the lack of measures taken to protect the website’s structure. Exploiting this vulnerability allows a malicious actor to perform XSS attacks remotely...

5.4CVSS5.8AI score0.00562EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/08/24 3:15 p.m.3 views

CVE-2023-40874

DedeCMS up to and including 5.7.110 was discovered to contain multiple cross-site scripting XSS vulnerabilities at /dede/voteadd.php via the votename and voteitem1 parameters...

5.4CVSS5.5AI score0.00387EPSS
Exploits1References2
OSV
OSV
added 2023/08/24 3:15 p.m.3 views

CVE-2023-40876

DedeCMS up to and including 5.7.110 was discovered to contain a cross-site scripting XSS vulnerability at /dede/freelistadd.php via the title parameter...

5.4CVSS5.7AI score0.00387EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/08/24 12:0 a.m.5 views

Desdev DedeCMS 跨站脚本漏洞

Desdev DedeCMS Dream Weaving Content Management System is a PHP-based open-source content management system CMS of China Zhuozhuo network Desdev company. The system has content publishing, content management, content editing and content retrieval functions. A cross-site scripting vulnerability...

5.4CVSS5.3AI score0.00387EPSS
Exploits1References2
OSV
OSV
added 2023/07/31 2:15 p.m.6 views

CVE-2023-34842

Remote Code Execution vulnerability in DedeCMS through 5.7.109 allows remote attackers to run arbitrary code via crafted POST request to /dede/tpl.php...

9.8CVSS6.2AI score0.00948EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/07/13 12:0 a.m.7 views

PT-2023-26141 · Dedecms · Dedecms

Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7.109 Description: The issue is related to an arbitrary file upload vulnerability. It affects the /dede/file manage control.php endpoint, allowing attackers to execute arbitrary code by uploading a crafted PHP file...

9.8CVSS9.6AI score0.01042EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/07/10 12:0 a.m.4 views

PT-2023-25307 · Dedecms · Dedecms

Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7.109 Description: A critical issue was found in DedeCMS, affecting an unknown functionality of the file co do.php. The manipulation of the rssurl argument leads to server-side request forgery. Recommendations: For DedeCMS...

9.8CVSS5.8AI score0.03381EPSS
Exploits1References5
OSV
OSV
added 2023/05/19 2:15 p.m.4 views

CVE-2023-31757

DedeCMS up to v5.7.108 is vulnerable to XSS in sysinfo.php via parameters 'editcfgpowerby' and 'editcfgbeian'...

5.4CVSS6AI score0.00447EPSS
Exploits1References1
OSV
OSV
added 2023/04/29 8:15 a.m.4 views

CVE-2023-2424

A vulnerability was found in DedeCMS 5.7.106 and classified as critical. Affected by this issue is the function UpDateMemberModCache of the file uploads/dede/config.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the publi...

8.8CVSS6.3AI score0.00883EPSS
Exploits1References3
OSV
OSV
added 2023/04/14 3:15 p.m.7 views

CVE-2023-2059

A vulnerability was found in DedeCMS 5.7.87. It has been rated as problematic. Affected by this issue is some unknown functionality of the file uploads/include/dialog/selecttemplets.php. The manipulation leads to path traversal: '..\filedir'. The attack may be launched remotely. The exploit has...

5.3CVSS4.9AI score0.02406EPSS
Exploits1References3
OSV
OSV
added 2023/03/16 3:15 p.m.4 views

CVE-2023-27707

SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank parameter in the /dede/groupstore.php endpoint...

7.2CVSS6.1AI score0.01297EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/02/02 12:0 a.m.5 views

Desdev DedeCMS 跨站脚本漏洞

Desdev DedeCMS Dream Weaving Content Management System is a PHP-based open-source content management system CMS of China Zhuozhuo network Desdev company. The system has content publishing, content management, content editing and content retrieval functions. A security vulnerability exists in...

5.4CVSS5.2AI score0.004EPSS
Exploits1References2
OSV
OSV
added 2022/10/12 12:15 a.m.5 views

CVE-2022-40921

DedeCMS V5.7.99 was discovered to contain an arbitrary file upload vulnerability via the component /dede/filemanagecontrol.php...

7.2CVSS5.8AI score0.0091EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/09/01 6:15 p.m.3 views

CVE-2022-36583

DedeCMS V5.7.97 was discovered to contain multiple cross-site scripting XSS vulnerabilities at /dede/codo.php via the dopost, rpok, and aid parameters...

6.1CVSS6.2AI score0.0051EPSS
Exploits1References2
OSV
OSV
added 2022/08/17 8:15 p.m.4 views

CVE-2022-36216

DedeCMS v5.7.94 - v5.7.97 was discovered to contain a remote code execution vulnerability in membertoadmin.php...

7.2CVSS6.3AI score0.01717EPSS
Exploits1References1
Rows per page
Query Builder