Vulnerabilities > Dedecms > Dedecms > 5.7.64
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-24 | CVE-2023-40876 | Cross-site Scripting vulnerability in Dedecms DedeCMS up to and including 5.7.110 was discovered to contain a cross-site scripting (XSS) vulnerability at /dede/freelist_add.php via the title parameter. | 5.4 |
| 2023-08-24 | CVE-2023-40877 | Cross-site Scripting vulnerability in Dedecms DedeCMS up to and including 5.7.110 was discovered to contain a cross-site scripting (XSS) vulnerability at /dede/freelist_edit.php via the title parameter. | 5.4 |
| 2023-07-31 | CVE-2023-34842 | Code Injection vulnerability in Dedecms Remote Code Execution vulnerability in DedeCMS through 5.7.109 allows remote attackers to run arbitrary code via crafted POST request to /dede/tpl.php. | 9.8 |
| 2023-05-27 | CVE-2023-2928 | Unspecified vulnerability in Dedecms A vulnerability was found in DedeCMS up to 5.7.106. | 8.8 |
| 2023-04-14 | CVE-2023-2056 | Unspecified vulnerability in Dedecms A vulnerability was found in DedeCMS up to 5.7.87 and classified as critical. | 9.8 |
| 2023-03-16 | CVE-2023-27707 | SQL Injection vulnerability in Dedecms SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank_* parameter in the /dede/group_store.php endpoint. | 7.2 |
| 2023-03-16 | CVE-2023-27709 | SQL Injection vulnerability in Dedecms SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank_* parameter in the /dedestory_catalog.php endpoint. | 7.2 |
| 2022-12-27 | CVE-2022-46442 | SQL Injection vulnerability in Dedecms dedecms <=V5.7.102 is vulnerable to SQL Injection. | 9.8 |