Vulnerabilities > Dedecms

DATE CVE VULNERABILITY TITLE RISK
2023-03-16 CVE-2023-27707 SQL Injection vulnerability in Dedecms
SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank_* parameter in the /dede/group_store.php endpoint.
network
low complexity
dedecms CWE-89
7.2
7.2
2023-03-16 CVE-2023-27709 SQL Injection vulnerability in Dedecms
SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank_* parameter in the /dedestory_catalog.php endpoint.
network
low complexity
dedecms CWE-89
7.2
7.2
2023-02-02 CVE-2022-48140 Cross-site Scripting vulnerability in Dedecms 5.7.97
DedeCMS v5.7.97 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /file_manage_view.php?fmdo=edit&filename.
network
low complexity
dedecms CWE-79
5.4
5.4
2022-12-27 CVE-2022-46442 SQL Injection vulnerability in Dedecms
dedecms <=V5.7.102 is vulnerable to SQL Injection.
network
low complexity
dedecms CWE-89
critical
 9.8
9.8
2022-11-17 CVE-2022-43192 Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms 5.7.101
An arbitrary file upload vulnerability in the component /dede/file_manage_control.php of Dedecms v5.7.101 allows attackers to execute arbitrary code via a crafted PHP file.
local
low complexity
dedecms CWE-434
6.7
6.7
2022-11-09 CVE-2022-43031 Cross-Site Request Forgery (CSRF) vulnerability in Dedecms 6.1.9
DedeCMS v6.1.9 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add Administrator accounts and modify Admin passwords.
network
low complexity
dedecms CWE-352
8.8
8.8
2022-10-12 CVE-2022-40921 Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms 5.7.99
DedeCMS V5.7.99 was discovered to contain an arbitrary file upload vulnerability via the component /dede/file_manage_control.php.
network
low complexity
dedecms CWE-434
7.2
7.2
2022-10-03 CVE-2022-40886 Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms 5.7.98
DedeCMS 5.7.98 has a file upload vulnerability in the background.
network
low complexity
dedecms CWE-434
7.2
7.2
2022-09-01 CVE-2022-36583 Cross-site Scripting vulnerability in Dedecms 5.7.97
DedeCMS V5.7.97 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/co_do.php via the dopost, rpok, and aid parameters.
network
low complexity
dedecms CWE-79
6.1
6.1
2022-08-17 CVE-2022-35516 Code Injection vulnerability in Dedecms
DedeCMS v5.7.93 - v5.7.96 was discovered to contain a remote code execution vulnerability in login.php.
network
low complexity
dedecms CWE-94
critical
 9.8
9.8