8 matches found
CVE-2021-32073
DedeCMS V5.7 SP2 contains a CSRF vulnerability that allows a remote attacker to send a malicious request to to the web manager allowing remote code execution...
Cross site request forgery (csrf)
DedeCMS V5.7 SP2 contains a CSRF vulnerability that allows a remote attacker to send a malicious request to to the web manager allowing remote code execution...
CVE-2020-16632
A XSS Vulnerability in /uploads/dede/actionsearch.php in DedeCMS V5.7 SP2 allows an authenticated user to execute remote arbitrary code via the keyword parameter...
CVE-2021-32073
DedeCMS V5.7 SP2 contains a CSRF vulnerability that allows a remote attacker to send a malicious request to to the web manager allowing remote code execution...
Design/Logic Flaw
An issue was discovered in DedeCMS V5.7 SP2. uploads/include/dialog/selectimagespost.php allows remote attackers to upload and execute arbitrary PHP code via a double extension and a modified ".php" substring, in conjunction with the image/jpeg content type, as demonstrated by the...
Design/Logic Flaw
XML injection vulnerability exists in the file of DedeCMS V5.7 SP2 version, which can be utilized by attackers to create script file to obtain webshell...
CVE-2018-16785
XML injection vulnerability exists in the file of DedeCMS V5.7 SP2 version, which can be utilized by attackers to create script file to obtain webshell...
CVE-2018-10375
A file uploading vulnerability exists in /include/helpers/upload.helper.php in DedeCMS V5.7 SP2, which can be utilized by attackers to upload and execute arbitrary PHP code via the /dede/archivesdo.php?dopost=uploadLitpic litpic parameter when "Content-Type: image/jpeg" is sent, but the filename...