Vulnerabilities > Dedecms

DATE CVE VULNERABILITY TITLE RISK
2024-01-22 CVE-2024-22895 Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms 5.7.112
DedeCMS 5.7.112 has a File Upload vulnerability via uploads/dede/module_upload.php.
network
low complexity
dedecms CWE-434
8.8
2024-01-07 CVE-2023-7212 Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms
A vulnerability classified as critical has been found in DeDeCMS up to 5.7.112.
network
low complexity
dedecms CWE-434
critical
9.8
2023-12-11 CVE-2023-49494 Cross-site Scripting vulnerability in Dedecms 5.7.111
DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component select_media_post_wangEditor.php.
network
low complexity
dedecms CWE-79
6.1
2023-12-07 CVE-2023-49492 Cross-site Scripting vulnerability in Dedecms 5.7.111
DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the imgstick parameter at selectimages.php.
network
low complexity
dedecms CWE-79
6.1
2023-12-07 CVE-2023-49493 Cross-site Scripting vulnerability in Dedecms 5.7.111
DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the v parameter at selectimages.php.
network
low complexity
dedecms CWE-79
6.1
2023-11-16 CVE-2023-43275 Cross-Site Request Forgery (CSRF) vulnerability in Dedecms 5.7
Cross-Site Request Forgery (CSRF) vulnerability in DedeCMS v5.7 in 110 backend management interface via /catalog_add.php, allows attackers to create crafted web pages due to a lack of verification of the token value of the submitted form.
network
low complexity
dedecms CWE-352
8.8
2023-11-13 CVE-2023-48068 Cross-site Scripting vulnerability in Dedecms 6.2
DedeCMS v6.2 was discovered to contain a Cross-site Scripting (XSS) vulnerability via spec_add.php.
network
low complexity
dedecms CWE-79
5.4
2023-09-30 CVE-2023-5301 OS Command Injection vulnerability in Dedecms 5.7.111
A vulnerability classified as critical was found in DedeCMS 5.7.111.
network
low complexity
dedecms CWE-78
8.8
2023-09-28 CVE-2023-43226 Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms
An arbitrary file upload vulnerability in dede/baidunews.php in DedeCMS 5.7.111 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file.
network
low complexity
dedecms CWE-434
8.8
2023-09-17 CVE-2023-5022 Absolute Path Traversal vulnerability in Dedecms
A vulnerability has been found in DedeCMS up to 5.7.100 and classified as critical.
network
low complexity
dedecms CWE-36
8.8