5 matches found
CVE-2024-35510
An arbitrary file upload vulnerability in /dede/filemanagecontrol.php of DedeCMS v5.7.114 allows attackers to execute arbitrary code via uploading a crafted file...
CVE-2024-34245
An arbitrary file read vulnerability in DedeCMS v5.7.114 allows authenticated attackers to read arbitrary files by specifying any path in makehtmljsaction.php...
CVE-2024-34245
DedeCMS 5.7.114 is affected by an authenticated arbitrary file-read vulnerability in makehtml_js_action.php. The root cause is insufficient validation of a supplied path, enabling an attacker with basic access rights to read arbitrary server files. Impact is high on confidentiality (C:H in CVSS) ...
CVE-2024-33749
DedeCMS V5.7.114 is vulnerable to deletion of any file via mailfilemanage.php...
CVE-2024-33749
Summary of CVE-2024-33749 : DedeCMS v5.7.114 is vulnerable to deletion of any file via the mail_file_manage.php script. The vulnerability enables unauthorized file deletion, with CVSSv3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H (base score 9.1, CRITICAL) indicating high impact on integrity and availa...