Vulnerabilities > Dedecms

DATE CVE VULNERABILITY TITLE RISK
2023-09-30 CVE-2023-5301 OS Command Injection vulnerability in Dedecms 5.7.111
A vulnerability classified as critical was found in DedeCMS 5.7.111.
network
low complexity
dedecms CWE-78
8.8
8.8
2023-09-28 CVE-2023-43226 Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms
An arbitrary file upload vulnerability in dede/baidunews.php in DedeCMS 5.7.111 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file.
network
low complexity
dedecms CWE-434
8.8
8.8
2023-09-17 CVE-2023-5022 Absolute Path Traversal vulnerability in Dedecms
A vulnerability has been found in DedeCMS up to 5.7.100 and classified as critical.
network
low complexity
dedecms CWE-36
8.8
8.8
2023-09-12 CVE-2023-40784 Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms 5.7.102
DedeCMS 5.7.102 has a File Upload vulnerability via uploads/dede/module_make.php.
network
low complexity
dedecms CWE-434
critical
 9.8
9.8
2023-09-04 CVE-2023-4747 SQL Injection vulnerability in Dedecms 5.7.110
A vulnerability classified as critical was found in DedeCMS 5.7.110.
network
low complexity
dedecms CWE-89
critical
 9.8
9.8
2023-08-24 CVE-2023-40874 Cross-site Scripting vulnerability in Dedecms
DedeCMS up to and including 5.7.110 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/vote_add.php via the votename and voteitem1 parameters.
network
low complexity
dedecms CWE-79
5.4
5.4
2023-08-24 CVE-2023-40875 Cross-site Scripting vulnerability in Dedecms
DedeCMS up to and including 5.7.110 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/vote_edit.php via the votename and votenote parameters.
network
low complexity
dedecms CWE-79
5.4
5.4
2023-08-24 CVE-2023-40876 Cross-site Scripting vulnerability in Dedecms
DedeCMS up to and including 5.7.110 was discovered to contain a cross-site scripting (XSS) vulnerability at /dede/freelist_add.php via the title parameter.
network
low complexity
dedecms CWE-79
5.4
5.4
2023-08-24 CVE-2023-40877 Cross-site Scripting vulnerability in Dedecms
DedeCMS up to and including 5.7.110 was discovered to contain a cross-site scripting (XSS) vulnerability at /dede/freelist_edit.php via the title parameter.
network
low complexity
dedecms CWE-79
5.4
5.4
2023-08-03 CVE-2023-36298 Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms 5.7.109
DedeCMS v5.7.109 has a File Upload vulnerability, leading to remote code execution (RCE).
network
low complexity
dedecms CWE-434
8.8
8.8