Vulnerabilities > Dedecms > Dedecms > 5.7
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-04-14 | CVE-2023-2056 | Code Injection vulnerability in Dedecms A vulnerability was found in DedeCMS up to 5.7.87 and classified as critical. | 9.8 |
2023-03-16 | CVE-2023-27707 | SQL Injection vulnerability in Dedecms SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank_* parameter in the /dede/group_store.php endpoint. | 7.2 |
2023-03-16 | CVE-2023-27709 | SQL Injection vulnerability in Dedecms SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank_* parameter in the /dedestory_catalog.php endpoint. | 7.2 |
2021-08-27 | CVE-2020-18114 | Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms 5.7 An arbitrary file upload vulnerability in the /uploads/dede component of DedeCMS V5.7SP2 allows attackers to upload a webshell in HTM format. | 7.5 |
2021-08-24 | CVE-2020-18917 | Cross-Site Request Forgery (CSRF) vulnerability in Dedecms 5.7 The plus/search.php component in DedeCMS 5.7 SP2 allows remote attackers to execute arbitrary PHP code via the typename parameter because the contents of typename.inc are under an attacker's control. | 6.8 |
2021-06-16 | CVE-2020-22198 | SQL Injection vulnerability in Dedecms 5.7 SQL Injection vulnerability in DedeCMS 5.7 via mdescription parameter to member/ajax_membergroup.php. | 7.5 |
2021-05-15 | CVE-2020-16632 | Cross-site Scripting vulnerability in Dedecms 5.7 A XSS Vulnerability in /uploads/dede/action_search.php in DedeCMS V5.7 SP2 allows an authenticated user to execute remote arbitrary code via the keyword parameter. | 3.5 |
2021-05-15 | CVE-2021-32073 | Cross-Site Request Forgery (CSRF) vulnerability in Dedecms 5.7 DedeCMS V5.7 SP2 contains a CSRF vulnerability that allows a remote attacker to send a malicious request to to the web manager allowing remote code execution. | 6.8 |
2020-01-06 | CVE-2015-4553 | Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms 5.5/5.6/5.7 A file upload issue exists in DeDeCMS before 5.7-sp1, which allows malicious users getshell. | 6.5 |
2019-03-24 | CVE-2019-10014 | Incorrect Authorization vulnerability in Dedecms 5.7 In DedeCMS 5.7SP2, member/resetpassword.php allows remote authenticated users to reset the passwords of arbitrary users via a modified id parameter, because the key parameter is not properly validated. | 4.0 |