Vulnerabilities > Dedecms

DATE CVE VULNERABILITY TITLE RISK
2022-11-17 CVE-2022-43192 Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms 5.7.101
An arbitrary file upload vulnerability in the component /dede/file_manage_control.php of Dedecms v5.7.101 allows attackers to execute arbitrary code via a crafted PHP file.
local
low complexity
dedecms CWE-434
6.7
2022-11-09 CVE-2022-43031 Cross-Site Request Forgery (CSRF) vulnerability in Dedecms 6.1.9
DedeCMS v6.1.9 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add Administrator accounts and modify Admin passwords.
network
low complexity
dedecms CWE-352
8.8
2022-10-12 CVE-2022-40921 Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms 5.7.99
DedeCMS V5.7.99 was discovered to contain an arbitrary file upload vulnerability via the component /dede/file_manage_control.php.
network
low complexity
dedecms CWE-434
7.2
2022-10-03 CVE-2022-40886 Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms 5.7.98
DedeCMS 5.7.98 has a file upload vulnerability in the background.
network
low complexity
dedecms CWE-434
7.2
2022-05-26 CVE-2022-30508 Incorrect Permission Assignment for Critical Resource vulnerability in Dedecms 5.7.93
DedeCMS v5.7.93 was discovered to contain an arbitrary file deletion vulnerability in upload.php via the delete parameter.
network
low complexity
dedecms CWE-732
5.5
2022-02-14 CVE-2022-23337 SQL Injection vulnerability in Dedecms 5.7.87
DedeCMS v5.7.87 was discovered to contain a SQL injection vulnerability in article_coonepage_rule.php via the ids parameter.
network
low complexity
dedecms CWE-89
7.5
2021-10-22 CVE-2020-23044 Cross-site Scripting vulnerability in Dedecms 7.5
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_pic_view.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.
network
dedecms CWE-79
3.5
2021-10-22 CVE-2020-23046 Cross-site Scripting vulnerability in Dedecms 7.5
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tpl.php via the `filename`, `mid`, `userid`, and `templet` parameters.
network
dedecms CWE-79
4.3
2021-10-22 CVE-2020-36490 Cross-site Scripting vulnerability in Dedecms 7.5
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_view.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.
network
dedecms CWE-79
3.5
2021-10-22 CVE-2020-36491 Cross-site Scripting vulnerability in Dedecms 7.5
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tags_main.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.
network
dedecms CWE-79
3.5