Vulnerabilities > Dedecms > Dedecms > 5.6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-16 | CVE-2023-27707 | SQL Injection vulnerability in Dedecms SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank_* parameter in the /dede/group_store.php endpoint. | 7.2 |
| 2023-03-16 | CVE-2023-27709 | SQL Injection vulnerability in Dedecms SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank_* parameter in the /dedestory_catalog.php endpoint. | 7.2 |
| 2020-01-06 | CVE-2015-4553 | Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms 5.5/5.6/5.7 A file upload issue exists in DeDeCMS before 5.7-sp1, which allows malicious users getshell. | 6.5 |
| 2019-02-16 | CVE-2019-8362 | Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms 5.5/5.6/5.7 DedeCMS through V5.7SP2 allows arbitrary file upload in dede/album_edit.php or dede/album_add.php, as demonstrated by a dede/album_edit.php?dopost=save&formzip=1 request with a ZIP archive that contains a file such as "1.jpg.php" (because input validation only checks that .jpg, .png, or .gif is present as a substring, and does not otherwise check the file name or content). | 5.0 |
| 2018-06-08 | CVE-2018-12046 | Improper Input Validation vulnerability in Dedecms 5.5/5.6/5.7 DedeCMS through 5.7SP2 allows arbitrary file write in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=newfile request with name and str parameters, as demonstrated by writing to a new .php file. | 5.0 |
| 2017-12-18 | CVE-2017-17731 | SQL Injection vulnerability in Dedecms 5.5/5.6/5.7 DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php. | 7.5 |
| 2017-12-18 | CVE-2017-17730 | SQL Injection vulnerability in Dedecms 5.5/5.6/5.7 DedeCMS through 5.7 has SQL Injection via the logo parameter to plus/flink_add.php. | 7.5 |
| 2017-12-18 | CVE-2017-17727 | Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms 5.5/5.6 DedeCMS through 5.6 allows arbitrary file upload and PHP code execution by embedding the PHP code in a .jpg file, which is used in the templet parameter to member/article_edit.php. | 6.8 |
| 2012-09-23 | CVE-2011-5200 | SQL Injection vulnerability in Dedecms 5.6 Multiple SQL injection vulnerabilities in DeDeCMS, possibly 5.6, allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) list.php, (2) members.php, or (3) book.php. | 7.5 |