CVE-2026-10607

A vulnerability was identified in DedeCMS 5.7.88. The impacted element is the function dedehtmlspecialchars of the file /plus/flink.php. The manipulation of the argument msg leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used...

CVE-2018-18579

Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/pm.php folder parameter...

CVE-2018-18608

DedeCMS 5.7 SP2 allows XSS via the function named GetPageList defined in the include/datalistcp.class.php file that is used to display the page numbers list at the bottom of some templates, as demonstrated by the PATHINFO to /member/index.php, /member/pm.php, /member/contentlist.php, or...

CVE-2024-29661

A File Upload vulnerability in DedeCMS v5.7 allows a local attacker to execute arbitrary code via a crafted payload...

CVE-2024-28678

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via the component /dede/articledescriptionmain.php...

CVE-2024-28679

DedeCMS v5.7 was discovered to contain a cross-site scripting XSS vulnerability via Photo Collection...

CVE-2023-48068

DedeCMS v6.2 was discovered to contain a Cross-site Scripting XSS vulnerability via specadd.php...

CVE-2023-27707

SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank parameter in the /dede/groupstore.php endpoint...

CVE-2023-37839

An arbitrary file upload vulnerability in /dede/filemanagecontrol.php of DedeCMS v5.7.109 allows attackers to execute arbitrary code via uploading a crafted PHP file...

CVE-2024-11138

A vulnerability classified as problematic has been found in DedeCMS 5.7.116. This affects an unknown part of the file /dede/uploads/dede/friendlinkadd.php. The manipulation of the argument logoimg leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been...

CVE-2024-34245

An arbitrary file read vulnerability in DedeCMS v5.7.114 allows authenticated attackers to read arbitrary files by specifying any path in makehtmljsaction.php...

PT-2024-27184 · Dedecms · Dedecms

Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7.112-UTF8 Description: A vulnerability has been found in DedeCMS, affecting an unknown functionality of the file update guide.php. The manipulation of the argument files leads to path traversal: '../filedir'. The attack can...

CVE-2024-30946

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /src/dede/codo.php...

PT-2024-22506 · Dedecms · Dedecms

Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7 Description: A Cross-Site Request Forgery CSRF issue was found in the /dede/article add.php component. This allows an attacker to perform unintended actions on the website. Recommendations: For DedeCMS version 5.7, as a...

CVE-2023-49493

DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting XSS vulnerability via the v parameter at selectimages.php...

Code execution vulnerability in DedeCMS V5.7 SP2 dedesys_info.php file

Weaving dream content management system DedeCms is a PHP open source website management system. DedeCMS V5.7 SP2 dedesysinfo.php file has a code execution vulnerability. The vulnerability is due to change the system configuration , parameters are not filtered directly into the database , from the...