Vulnerabilities > Dedecms > Dedecms > 5.7.106

DATE CVE VULNERABILITY TITLE RISK
2023-03-16 CVE-2023-27707 SQL Injection vulnerability in Dedecms
SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank_* parameter in the /dede/group_store.php endpoint.
network
low complexity
dedecms CWE-89
7.2
7.2
2023-03-16 CVE-2023-27709 SQL Injection vulnerability in Dedecms
SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank_* parameter in the /dedestory_catalog.php endpoint.
network
low complexity
dedecms CWE-89
7.2
7.2