Vulnerabilities > Dedecms
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-11-17 | CVE-2022-43192 | Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms 5.7.101 An arbitrary file upload vulnerability in the component /dede/file_manage_control.php of Dedecms v5.7.101 allows attackers to execute arbitrary code via a crafted PHP file. | 6.7 |
2022-11-09 | CVE-2022-43031 | Cross-Site Request Forgery (CSRF) vulnerability in Dedecms 6.1.9 DedeCMS v6.1.9 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add Administrator accounts and modify Admin passwords. | 8.8 |
2022-10-12 | CVE-2022-40921 | Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms 5.7.99 DedeCMS V5.7.99 was discovered to contain an arbitrary file upload vulnerability via the component /dede/file_manage_control.php. | 7.2 |
2022-10-03 | CVE-2022-40886 | Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms 5.7.98 DedeCMS 5.7.98 has a file upload vulnerability in the background. | 7.2 |
2022-05-26 | CVE-2022-30508 | Path Traversal vulnerability in Dedecms 5.7.93 DedeCMS v5.7.93 was discovered to contain arbitrary file deletion vulnerability in upload.php via the delete parameter. | 6.5 |
2022-02-14 | CVE-2022-23337 | SQL Injection vulnerability in Dedecms 5.7.87 DedeCMS v5.7.87 was discovered to contain a SQL injection vulnerability in article_coonepage_rule.php via the ids parameter. | 7.5 |
2021-10-22 | CVE-2020-23044 | Cross-site Scripting vulnerability in Dedecms 7.5 DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_pic_view.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters. | 3.5 |
2021-10-22 | CVE-2020-23046 | Cross-site Scripting vulnerability in Dedecms 7.5 DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tpl.php via the `filename`, `mid`, `userid`, and `templet' parameters. | 4.3 |
2021-10-22 | CVE-2020-36490 | Cross-site Scripting vulnerability in Dedecms 7.5 DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_view.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters. | 3.5 |
2021-10-22 | CVE-2020-36491 | Cross-site Scripting vulnerability in Dedecms 7.5 DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tags_main.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters. | 3.5 |