6 matches found
CVE-2024-34245
An arbitrary file read vulnerability in DedeCMS v5.7.114 allows authenticated attackers to read arbitrary files by specifying any path in makehtml_js_action.php...
EUVD-2024-34709
Malicious code in bioql PyPI...
CVE-2024-34245
DedeCMS 5.7.114 is affected by an authenticated arbitrary file-read vulnerability in makehtml_js_action.php. The root cause is insufficient validation of a supplied path, enabling an attacker with basic access rights to read arbitrary server files. Impact is high on confidentiality (C:H in CVSS) ...
CVE-2024-3145 DedeCMS makehtml_js_action.php cross-site request forgery
A vulnerability was found in DedeCMS 5.7. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /src/dede/makehtml_js_action.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to...