Vulnerabilities > Dedecms > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-11-12 CVE-2024-11138 Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms 5.7.116
A vulnerability classified as problematic has been found in DedeCMS 5.7.116.
network
low complexity
dedecms CWE-434
critical
 9.8
9.8
2024-01-07 CVE-2023-7212 Unspecified vulnerability in Dedecms
A vulnerability classified as critical has been found in DeDeCMS up to 5.7.112.
network
low complexity
dedecms
critical
 9.8
9.8
2023-09-12 CVE-2023-40784 Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms 5.7.102
DedeCMS 5.7.102 has a File Upload vulnerability via uploads/dede/module_make.php.
network
low complexity
dedecms CWE-434
critical
 9.8
9.8
2023-09-04 CVE-2023-4747 Unspecified vulnerability in Dedecms 5.7.110
A vulnerability classified as critical was found in DedeCMS 5.7.110.
network
low complexity
dedecms
critical
 9.8
9.8
2023-07-31 CVE-2023-34842 Code Injection vulnerability in Dedecms
Remote Code Execution vulnerability in DedeCMS through 5.7.109 allows remote attackers to run arbitrary code via crafted POST request to /dede/tpl.php.
network
low complexity
dedecms CWE-94
critical
 9.8
9.8
2023-07-13 CVE-2023-37839 Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms 5.7.109
An arbitrary file upload vulnerability in /dede/file_manage_control.php of DedeCMS v5.7.109 allows attackers to execute arbitrary code via uploading a crafted PHP file.
network
low complexity
dedecms CWE-434
critical
 9.8
9.8
2023-07-10 CVE-2023-3578 Unspecified vulnerability in Dedecms 5.7.109
A vulnerability classified as critical was found in DedeCMS 5.7.109.
network
low complexity
dedecms
critical
 9.8
9.8
2023-04-14 CVE-2023-2056 Unspecified vulnerability in Dedecms
A vulnerability was found in DedeCMS up to 5.7.87 and classified as critical.
network
low complexity
dedecms
critical
 9.8
9.8
2022-12-27 CVE-2022-46442 SQL Injection vulnerability in Dedecms
dedecms <=V5.7.102 is vulnerable to SQL Injection.
network
low complexity
dedecms CWE-89
critical
 9.8
9.8
2022-08-17 CVE-2022-35516 Code Injection vulnerability in Dedecms
DedeCMS v5.7.93 - v5.7.96 was discovered to contain a remote code execution vulnerability in login.php.
network
low complexity
dedecms CWE-94
critical
 9.8
9.8