12 matches found
CVE-2025-15004
A vulnerability was identified in DedeCMS up to 5.7.118. This impacts an unknown function of the file /freelist_main.php. The manipulation of the argument orderby leads to SQL injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used...
CVE-2025-15004
A vulnerability was identified in DedeCMS up to 5.7.118. This impacts an unknown function of the file /freelist_main.php. The manipulation of the argument orderby leads to SQL injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used...
CVE-2025-15004
CVE-2025-15004 affects DedeCMS up to 5.7.118. The vulnerability is a SQL injection in the file /freelist_main.php caused by manipulating the orderby parameter, which can be exploited remotely. Public exploit code exists and is referenced across multiple feeds (e.g., PT-2025-52615, CNNVD, NVD). Re...
PT-2025-52615
Name of the Vulnerable Software and Affected Versions: DedeCMS versions prior to 5.7.118 Description: A flaw exists in DedeCMS that allows for SQL injection. The issue is due to the manipulation of the orderby argument in the /freelist_main.php file. This can be exploited remotely. The exploit is...
CVE-2025-12860
A vulnerability was found in DedeBIZ up to 6.3.2. Affected is an unknown function of the file /admin/freelist_main.php. The manipulation of the argument orderby results in SQL injection. The attack can be executed remotely. The exploit has been made public and could be used...
CVE-2025-12860
A vulnerability was found in DedeBIZ up to 6.3.2. Affected is an unknown function of the file /admin/freelist_main.php. The manipulation of the argument orderby results in SQL injection. The attack can be executed remotely. The exploit has been made public and could be used...
CVE-2025-12860 DedeBIZ freelist_main.php SQL injection
A vulnerability was found in DedeBIZ up to 6.3.2. Affected is an unknown function of the file /admin/freelist_main.php. The manipulation of the argument orderby results in SQL injection. The attack can be executed remotely. The exploit has been made public and could be used...
EUVD-2025-38254
A vulnerability was found in DedeBIZ up to 6.3.2. Affected is an unknown function of the file /admin/freelist_main.php. The manipulation of the argument orderby results in SQL injection. The attack can be executed remotely. The exploit has been made public and could be used...
CVE-2025-12860 DedeBIZ freelist_main.php SQL injection
A vulnerability was found in DedeBIZ up to 6.3.2. Affected is an unknown function of the file /admin/freelist_main.php. The manipulation of the argument orderby results in SQL injection. The attack can be executed remotely. The exploit has been made public and could be used...
DedeBIZ Security Vulnerability
DedeBIZ is a content management system from China Muyun Intelligence DedeBIZ company. A security vulnerability exists in DedeBIZ 6.3.2 and earlier versions, which stems from an incorrect manipulation of the parameter orderby in the file /admin/freelist_main.php, which could lead to a SQL injection...
Desdev DedeCMS Security Breach
Desdev DedeCMS (Dream Weaving Content Management System) is a PHP-based open-source content management system (CMS) of China Zhuozhuo network Desdev company. The system has content publishing, content management, content editing and content retrieval functions. A security vulnerability exists in...
PT-2024-22512 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7 Description: A Cross-Site Request Forgery (CSRF) issue was found in DedeCMS. The issue is related to the "/dede/freelist_main.php" endpoint. Recommendations: For DedeCMS version 5.7, as a temporary workaround, consider...