Vulnerabilities > Dedecms > Dedecms > 5.7.107
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-07 | CVE-2023-7212 | Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms A vulnerability classified as critical has been found in DeDeCMS up to 5.7.112. | 9.8 |
2023-09-28 | CVE-2023-43226 | Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms An arbitrary file upload vulnerability in dede/baidunews.php in DedeCMS 5.7.111 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file. | 8.8 |
2023-08-24 | CVE-2023-40874 | Cross-site Scripting vulnerability in Dedecms DedeCMS up to and including 5.7.110 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/vote_add.php via the votename and voteitem1 parameters. | 5.4 |
2023-08-24 | CVE-2023-40875 | Cross-site Scripting vulnerability in Dedecms DedeCMS up to and including 5.7.110 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/vote_edit.php via the votename and votenote parameters. | 5.4 |
2023-08-24 | CVE-2023-40876 | Cross-site Scripting vulnerability in Dedecms DedeCMS up to and including 5.7.110 was discovered to contain a cross-site scripting (XSS) vulnerability at /dede/freelist_add.php via the title parameter. | 5.4 |
2023-08-24 | CVE-2023-40877 | Cross-site Scripting vulnerability in Dedecms DedeCMS up to and including 5.7.110 was discovered to contain a cross-site scripting (XSS) vulnerability at /dede/freelist_edit.php via the title parameter. | 5.4 |
2023-07-31 | CVE-2023-34842 | Code Injection vulnerability in Dedecms Remote Code Execution vulnerability in DedeCMS through 5.7.109 allows remote attackers to run arbitrary code via crafted POST request to /dede/tpl.php. | 9.8 |
2023-04-27 | CVE-2023-30380 | Path Traversal vulnerability in Dedecms 5.7.107 An issue in the component /dialog/select_media.php of DedeCMS v5.7.107 allows attackers to execute a directory traversal. | 7.5 |