Vulnerabilities > Dedecms
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-31 | CVE-2023-34842 | Code Injection vulnerability in Dedecms Remote Code Execution vulnerability in DedeCMS through 5.7.109 allows remote attackers to run arbitrary code via crafted POST request to /dede/tpl.php. | 9.8 |
| 2023-07-13 | CVE-2023-37839 | Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms 5.7.109 An arbitrary file upload vulnerability in /dede/file_manage_control.php of DedeCMS v5.7.109 allows attackers to execute arbitrary code via uploading a crafted PHP file. | 9.8 |
| 2023-07-10 | CVE-2023-3578 | Server-Side Request Forgery (SSRF) vulnerability in Dedecms 5.7.109 A vulnerability classified as critical was found in DedeCMS 5.7.109. | 9.8 |
| 2023-05-27 | CVE-2023-2928 | Code Injection vulnerability in Dedecms A vulnerability was found in DedeCMS up to 5.7.106. | 8.8 |
| 2023-05-19 | CVE-2023-31757 | Cross-site Scripting vulnerability in Dedecms 5.7.108 DedeCMS up to v5.7.108 is vulnerable to XSS in sys_info.php via parameters 'edit___cfg_powerby' and 'edit___cfg_beian' | 5.4 |
| 2023-04-29 | CVE-2023-2424 | Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms 5.7.106 A vulnerability was found in DedeCMS 5.7.106 and classified as critical. | 8.8 |
| 2023-04-27 | CVE-2023-30380 | Path Traversal vulnerability in Dedecms 5.7.107 An issue in the component /dialog/select_media.php of DedeCMS v5.7.107 allows attackers to execute a directory traversal. | 7.5 |
| 2023-04-17 | CVE-2023-27733 | SQL Injection vulnerability in Dedecms 5.7.106 DedeCMS v5.7.106 was discovered to contain a SQL injection vulnerability via the component /dede/sys_sql_query.php. | 7.2 |
| 2023-04-14 | CVE-2023-2059 | Path Traversal: '..filedir' vulnerability in Dedecms 5.7.87 A vulnerability was found in DedeCMS 5.7.87. | 5.3 |
| 2023-04-14 | CVE-2023-2056 | Code Injection vulnerability in Dedecms A vulnerability was found in DedeCMS up to 5.7.87 and classified as critical. | 9.8 |