Vulnerabilities > Dedecms > Dedecms > 5.7

DATE CVE VULNERABILITY TITLE RISK
2018-02-13 CVE-2018-6910 Exposure of Resource to Wrong Sphere vulnerability in Dedecms 5.7
DedeCMS 5.7 allows remote attackers to discover the full path via a direct request for include/downmix.inc.php or inc/inc_archives_functions.php.
network
low complexity
dedecms CWE-668
5.0
5.0
2018-02-12 CVE-2018-6881 Information Exposure vulnerability in multiple products
EmpireCMS 6.6 allows remote attackers to discover the full path via an array value for a parameter to admin/tool/ShowPic.php.
network
low complexity
dedecms phome CWE-200
5.0
5.0
2017-12-18 CVE-2017-17731 SQL Injection vulnerability in Dedecms 5.5/5.6/5.7
DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php.
network
low complexity
dedecms CWE-89
7.5
7.5
2017-12-18 CVE-2017-17730 SQL Injection vulnerability in Dedecms 5.5/5.6/5.7
DedeCMS through 5.7 has SQL Injection via the logo parameter to plus/flink_add.php.
network
low complexity
dedecms CWE-89
7.5
7.5