16 matches found
EUVD-2023-36048
Malicious code in bioql PyPI...
CVE-2024-4590
CVE-2024-4590 affects DedeCMS 5.7, with the vulnerable element in /src/dede/sys_info.php. The issue enables cross-site request forgery (CSRF) via manipulation of that file’s functionality. The attack is described as remotely launchable and the exploit has been disclosed publicly. Exploitation det...
Desdev DedeCMS Cross-Site Request Forgery Vulnerability
Desdev DedeCMS (Dream Weaving Content Management System) is a PHP-based open-source content management system (CMS) from China's Desdev Network (Desdev). The system provides content publishing, content management, content editing and content retrieval functions. A cross-site request forgery vulnerability...
CVE-2023-31757
DedeCMS up to v5.7.108 is vulnerable to XSS in sys_info.php via parameters 'edit___cfg_powerby' and 'edit___cfg_beian'...
CVE-2023-31757
DedeCMS up to v5.7.108 is vulnerable to XSS in sys_info.php via parameters 'edit___cfg_powerby' and 'edit___cfg_beian'...
CVE-2023-31757
DedeCMS up to v5.7.108 is vulnerable to XSS in sys_info.php via parameters 'edit___cfg_powerby' and 'edit___cfg_beian'...
Design/Logic Flaw
DedeCMS up to v5.7.108 is vulnerable to XSS in sys_info.php via parameters 'edit___cfg_powerby' and 'edit___cfg_beian'...
CVE-2023-31757
DedeCMS up to v5.7.108 is vulnerable to XSS in sys_info.php via parameters 'edit___cfg_powerby' and 'edit___cfg_beian'...
CVE-2023-31757
DedeCMS up to v5.7.108 is vulnerable to XSS in sys_info.php via parameters 'edit___cfg_powerby' and 'edit___cfg_beian'...
CVE-2023-31757
DedeCMS up to version 5.7.108 is vulnerable to cross-site scripting (XSS) in sys_info.php via the parameters edit___cfg_powerby and edit___cfg_beian. The underlying issue is an XSS flaw in how these query/POST parameters are processed, enabling attacker-supplied HTML/JS to be reflected in the adm...
CVE-2022-36215
DedeBIZ v6 was discovered to contain a remote code execution vulnerability in sys_info.php...
CVE-2022-36215
DedeBIZ v6 was discovered to contain a remote code execution vulnerability in sys_info.php...
Remote code execution
DedeBIZ v6 was discovered to contain a remote code execution vulnerability in sys_info.php...
CVE-2022-36215
DedeBIZ v6 was discovered to contain a remote code execution vulnerability in sys_info.php...
CVE-2022-36215
CVE-2022-36215 affects DedeBIZ v6; a remote code execution flaw exists in the sys_info.php component. Public entries consistently describe remote code execution via that file, with the root cause at the sys_info.php module. Impact details are that arbitrary code execution could be achieved on the...
EUVD-2022-38934
DedeBIZ v6 was discovered to contain a remote code execution vulnerability in sys_info.php...