Vulnerabilities > Dedecms
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-29 | CVE-2023-2424 | Unspecified vulnerability in Dedecms 5.7.106 A vulnerability was found in DedeCMS 5.7.106 and classified as critical. | 8.8 |
| 2023-04-27 | CVE-2023-30380 | Path Traversal vulnerability in Dedecms 5.7.107 An issue in the component /dialog/select_media.php of DedeCMS v5.7.107 allows attackers to execute a directory traversal. | 7.5 |
| 2023-04-17 | CVE-2023-27733 | SQL Injection vulnerability in Dedecms 5.7.106 DedeCMS v5.7.106 was discovered to contain a SQL injection vulnerability via the component /dede/sys_sql_query.php. | 7.2 |
| 2023-04-14 | CVE-2023-2059 | Unspecified vulnerability in Dedecms 5.7.87 A vulnerability was found in DedeCMS 5.7.87. | 5.3 |
| 2023-04-14 | CVE-2023-2056 | Unspecified vulnerability in Dedecms A vulnerability was found in DedeCMS up to 5.7.87 and classified as critical. | 9.8 |
| 2023-03-16 | CVE-2023-27707 | SQL Injection vulnerability in Dedecms SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank_* parameter in the /dede/group_store.php endpoint. | 7.2 |
| 2023-03-16 | CVE-2023-27709 | SQL Injection vulnerability in Dedecms SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank_* parameter in the /dedestory_catalog.php endpoint. | 7.2 |
| 2023-02-02 | CVE-2022-48140 | Cross-site Scripting vulnerability in Dedecms 5.7.97 DedeCMS v5.7.97 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /file_manage_view.php?fmdo=edit&filename. | 5.4 |
| 2022-12-27 | CVE-2022-46442 | SQL Injection vulnerability in Dedecms dedecms <=V5.7.102 is vulnerable to SQL Injection. | 9.8 |
| 2022-11-17 | CVE-2022-43192 | Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms 5.7.101 An arbitrary file upload vulnerability in the component /dede/file_manage_control.php of Dedecms v5.7.101 allows attackers to execute arbitrary code via a crafted PHP file. | 6.7 |