CVE-2024-7904 DedeBIZ File Extension file_manage_control.php unrestricted upload

A vulnerability was found in DedeBIZ 6.3.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file admin/filemanagecontrol.php of the component File Extension Handler. The manipulation of the argument upfile1 leads to unrestricted upload. The attack may be...

CVE-2024-35510

An arbitrary file upload vulnerability in /dede/filemanagecontrol.php of DedeCMS v5.7.114 allows attackers to execute arbitrary code via uploading a crafted file...

CVE-2023-43234

DedeBIZ v6.2.11 was discovered to contain multiple remote code execution RCE vulnerabilities at /admin/filemanagecontrol.php via the $activepath and $filename parameters...

CVE-2023-43234

CVE-2023-43234 affects DedeBIZ v6.2.11. The vulnerability exists in the /admin/file_manage_control.php endpoint, exploitable via the $activepath and $filename parameters, enabling remote code execution. Multiple sources describe the root cause as improper handling/filtering of constructed snippet...

CVE-2022-44118

dedecmdv6 v6.1.9 is vulnerable to Remote Code Execution RCE via filemanagecontrol.php...

CVE-2022-43196

dedecmdv6 v6.1.9 is vulnerable to Arbitrary file deletion via filemanagecontrol.php...

Arbitrary file deletion

dedecmdv6 v6.1.9 is vulnerable to Arbitrary file deletion via filemanagecontrol.php...

CVE-2022-44118

dedecmdv6 v6.1.9 is vulnerable to Remote Code Execution RCE via filemanagecontrol.php...

CVE-2022-44118

CVE-2022-44118 affects dedecmdv6 v6.1.9, with a Remote Code Execution (RCE) vulnerability via the file_manage_control.php endpoint. Public sources consistently identify an RCE risk in this version; details include the affected software (dedecmdv6 v6.1.9) and the vulnerable endpoint. The issue is ...

DedeCMS 安全漏洞

Desdev DedeCMS Dream Weaving Content Management System is a PHP-based open-source content management system CMS of China Zhuozhuo network Desdev company. The system has content publishing, content management, content editing and content retrieval functions. A security vulnerability exists in...

CVE-2022-43196

dedecmdv6 v6.1.9 is vulnerable to Arbitrary file deletion via filemanagecontrol.php...

CVE-2022-43196

CVE-2022-43196 affects dedecmdv6 v6.1.9. The vulnerability enables Arbitrary file deletion via the file_manage_control.php endpoint. The provided documents confirm the affected software and the specific function/file involved, but do not supply full root-cause details, affected environments beyon...

CVE-2022-40921

CVE-2022-40921 refers to a vulnerability in DedeCMS v5.7.99 where an arbitrary file upload is possible through the component /dede/file_manage_control.php. The available documents consistently identify the affected product and the vulnerable function but do not detail the exact root cause beyond ...

CVE-2022-40921

DedeCMS V5.7.99 was discovered to contain an arbitrary file upload vulnerability via the component /dede/filemanagecontrol.php...

CVE-2018-12045

DedeCMS through V5.7SP2 allows arbitrary file upload in dede/filemanagecontrol.php via a dede/filemanageview.php?fmdo=upload request with an upfile1 parameter, as demonstrated by uploading a .php file...

CVE-2018-12046

DedeCMS through 5.7SP2 allows arbitrary file write in dede/filemanagecontrol.php via a dede/filemanageview.php?fmdo=newfile request with name and str parameters, as demonstrated by writing to a new .php file...

Design/Logic Flaw

DedeCMS through 5.7SP2 allows arbitrary file write in dede/filemanagecontrol.php via a dede/filemanageview.php?fmdo=newfile request with name and str parameters, as demonstrated by writing to a new .php file...