Vulnerabilities > Dedecms > Dedecms > 5.7
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-02-13 | CVE-2018-6910 | Exposure of Resource to Wrong Sphere vulnerability in Dedecms 5.7 DedeCMS 5.7 allows remote attackers to discover the full path via a direct request for include/downmix.inc.php or inc/inc_archives_functions.php. | 5.0 |
2018-02-12 | CVE-2018-6881 | Information Exposure vulnerability in multiple products EmpireCMS 6.6 allows remote attackers to discover the full path via an array value for a parameter to admin/tool/ShowPic.php. | 5.0 |
2017-12-18 | CVE-2017-17731 | SQL Injection vulnerability in Dedecms 5.5/5.6/5.7 DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php. | 7.5 |
2017-12-18 | CVE-2017-17730 | SQL Injection vulnerability in Dedecms 5.5/5.6/5.7 DedeCMS through 5.7 has SQL Injection via the logo parameter to plus/flink_add.php. | 7.5 |