114 matches found
CVE-2023-43226
An arbitrary file upload vulnerability in dede/baidunews.php in DedeCMS 5.7.111 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file...
CVE-2023-43232
A stored cross-site scripting XSS vulnerability in the Website column management function of DedeBIZ v6.2.11 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter...
CVE-2023-40784
DedeCMS 5.7.102 has a File Upload vulnerability via uploads/dede/modulemake.php...
CVE-2023-40784
DedeCMS 5.7.102 has a File Upload vulnerability via uploads/dede/modulemake.php...
PT-2023-27636 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7.102 Description: The issue concerns a File Upload vulnerability. It is exploitable via the uploads/dede/module make.php endpoint. Recommendations: For DedeCMS version 5.7.102, consider restricting access to the...
The vulnerability of the file_pic_view.php component in the DedeCMS content management system, related to the lack of protective measures for website structures, allows attackers to carry out XSS attacks.
The vulnerability of the filepicview.php component in the DedeCMS content management system is related to the lack of measures taken to protect the website’s structure. Exploiting this vulnerability allows a malicious actor to perform XSS attacks remotely...
CVE-2023-40874
DedeCMS up to and including 5.7.110 was discovered to contain multiple cross-site scripting XSS vulnerabilities at /dede/voteadd.php via the votename and voteitem1 parameters...
CVE-2023-40876
DedeCMS up to and including 5.7.110 was discovered to contain a cross-site scripting XSS vulnerability at /dede/freelistadd.php via the title parameter...
Desdev DedeCMS 跨站脚本漏洞
Desdev DedeCMS Dream Weaving Content Management System is a PHP-based open-source content management system CMS of China Zhuozhuo network Desdev company. The system has content publishing, content management, content editing and content retrieval functions. A cross-site scripting vulnerability...
CVE-2023-34842
Remote Code Execution vulnerability in DedeCMS through 5.7.109 allows remote attackers to run arbitrary code via crafted POST request to /dede/tpl.php...
PT-2023-26141 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7.109 Description: The issue is related to an arbitrary file upload vulnerability. It affects the /dede/file manage control.php endpoint, allowing attackers to execute arbitrary code by uploading a crafted PHP file...
PT-2023-25307 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7.109 Description: A critical issue was found in DedeCMS, affecting an unknown functionality of the file co do.php. The manipulation of the rssurl argument leads to server-side request forgery. Recommendations: For DedeCMS...
CVE-2023-31757
DedeCMS up to v5.7.108 is vulnerable to XSS in sysinfo.php via parameters 'editcfgpowerby' and 'editcfgbeian'...
CVE-2023-2424
A vulnerability was found in DedeCMS 5.7.106 and classified as critical. Affected by this issue is the function UpDateMemberModCache of the file uploads/dede/config.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the publi...
CVE-2023-2059
A vulnerability was found in DedeCMS 5.7.87. It has been rated as problematic. Affected by this issue is some unknown functionality of the file uploads/include/dialog/selecttemplets.php. The manipulation leads to path traversal: '..\filedir'. The attack may be launched remotely. The exploit has...
CVE-2023-27707
SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank parameter in the /dede/groupstore.php endpoint...
Desdev DedeCMS 跨站脚本漏洞
Desdev DedeCMS Dream Weaving Content Management System is a PHP-based open-source content management system CMS of China Zhuozhuo network Desdev company. The system has content publishing, content management, content editing and content retrieval functions. A security vulnerability exists in...
CVE-2022-40921
DedeCMS V5.7.99 was discovered to contain an arbitrary file upload vulnerability via the component /dede/filemanagecontrol.php...
CVE-2022-36583
DedeCMS V5.7.97 was discovered to contain multiple cross-site scripting XSS vulnerabilities at /dede/codo.php via the dopost, rpok, and aid parameters...
CVE-2022-36216
DedeCMS v5.7.94 - v5.7.97 was discovered to contain a remote code execution vulnerability in membertoadmin.php...