Vulnerabilities > Dedecms

DATE	CVE	VULNERABILITY TITLE	RISK
2022-11-09	CVE-2022-43031	Cross-Site Request Forgery (CSRF) vulnerability in Dedecms 6.1.9 DedeCMS v6.1.9 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add Administrator accounts and modify Admin passwords. network low complexity dedecms CWE-352	8.8
2022-10-12	CVE-2022-40921	Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms 5.7.99 DedeCMS V5.7.99 was discovered to contain an arbitrary file upload vulnerability via the component /dede/file_manage_control.php. network low complexity dedecms CWE-434	7.2
2022-10-03	CVE-2022-40886	Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms 5.7.98 DedeCMS 5.7.98 has a file upload vulnerability in the background. network low complexity dedecms CWE-434	7.2
2022-09-01	CVE-2022-36583	Cross-site Scripting vulnerability in Dedecms 5.7.97 DedeCMS V5.7.97 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/co_do.php via the dopost, rpok, and aid parameters. network low complexity dedecms CWE-79	6.1
2022-08-17	CVE-2022-35516	Code Injection vulnerability in Dedecms DedeCMS v5.7.93 - v5.7.96 was discovered to contain a remote code execution vulnerability in login.php. network low complexity dedecms CWE-94 critical	9.8
2022-08-17	CVE-2022-36216	Code Injection vulnerability in Dedecms DedeCMS v5.7.94 - v5.7.97 was discovered to contain a remote code execution vulnerability in member_toadmin.php. network low complexity dedecms CWE-94	7.2
2022-07-29	CVE-2022-34531	Unspecified vulnerability in Dedecms 5.7.95 DedeCMS v5.7.95 was discovered to contain a remote code execution (RCE) vulnerability via the component mytag_ main.php. network low complexity dedecms critical	9.8
2022-05-26	CVE-2022-30508	Path Traversal vulnerability in Dedecms 5.7.93 DedeCMS v5.7.93 was discovered to contain arbitrary file deletion vulnerability in upload.php via the delete parameter. network low complexity dedecms CWE-22	6.5
2022-02-14	CVE-2022-23337	SQL Injection vulnerability in Dedecms 5.7.87 DedeCMS v5.7.87 was discovered to contain a SQL injection vulnerability in article_coonepage_rule.php via the ids parameter. network low complexity dedecms CWE-89 critical	9.8
2021-10-22	CVE-2020-23044	Cross-site Scripting vulnerability in Dedecms 7.5 DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_pic_view.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters. network low complexity dedecms CWE-79	5.4

Vulnerabilities > Dedecms {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Dedecms"}]}

Vulnerabilities > Dedecms