Vulnerabilities > Dedecms

DATE CVE VULNERABILITY TITLE RISK
2022-11-17 CVE-2022-43192 Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms 5.7.101
An arbitrary file upload vulnerability in the component /dede/file_manage_control.php of Dedecms v5.7.101 allows attackers to execute arbitrary code via a crafted PHP file.
local
low complexity
dedecms CWE-434
6.7
6.7
2022-11-09 CVE-2022-43031 Cross-Site Request Forgery (CSRF) vulnerability in Dedecms 6.1.9
DedeCMS v6.1.9 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add Administrator accounts and modify Admin passwords.
network
low complexity
dedecms CWE-352
8.8
8.8
2022-10-12 CVE-2022-40921 Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms 5.7.99
DedeCMS V5.7.99 was discovered to contain an arbitrary file upload vulnerability via the component /dede/file_manage_control.php.
network
low complexity
dedecms CWE-434
7.2
7.2
2022-10-03 CVE-2022-40886 Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms 5.7.98
DedeCMS 5.7.98 has a file upload vulnerability in the background.
network
low complexity
dedecms CWE-434
7.2
7.2
2022-05-26 CVE-2022-30508 Path Traversal vulnerability in Dedecms 5.7.93
DedeCMS v5.7.93 was discovered to contain arbitrary file deletion vulnerability in upload.php via the delete parameter.
network
low complexity
dedecms CWE-22
6.5
6.5
2022-02-14 CVE-2022-23337 SQL Injection vulnerability in Dedecms 5.7.87
DedeCMS v5.7.87 was discovered to contain a SQL injection vulnerability in article_coonepage_rule.php via the ids parameter.
network
low complexity
dedecms CWE-89
7.5
7.5
2021-10-22 CVE-2020-23044 Cross-site Scripting vulnerability in Dedecms 7.5
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_pic_view.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.
network
dedecms CWE-79
3.5
3.5
2021-10-22 CVE-2020-23046 Cross-site Scripting vulnerability in Dedecms 7.5
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tpl.php via the `filename`, `mid`, `userid`, and `templet' parameters.
network
dedecms CWE-79
4.3
4.3
2021-10-22 CVE-2020-36490 Cross-site Scripting vulnerability in Dedecms 7.5
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_view.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.
network
dedecms CWE-79
3.5
3.5
2021-10-22 CVE-2020-36491 Cross-site Scripting vulnerability in Dedecms 7.5
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tags_main.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.
network
dedecms CWE-79
3.5
3.5