Vulnerabilities > Dedecms > Dedecms > 5.7.93

DATE CVE VULNERABILITY TITLE RISK
2023-03-16 CVE-2023-27709 SQL Injection vulnerability in Dedecms
SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank_* parameter in the /dedestory_catalog.php endpoint.
network
low complexity
dedecms CWE-89
7.2
7.2
2022-05-26 CVE-2022-30508 Path Traversal vulnerability in Dedecms 5.7.93
DedeCMS v5.7.93 was discovered to contain arbitrary file deletion vulnerability in upload.php via the delete parameter.
network
low complexity
dedecms CWE-22
6.5
6.5