Vulnerabilities > Dedecms > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-07-29 | CVE-2022-34531 | Unspecified vulnerability in Dedecms 5.7.95: DedeCMS v5.7.95 was discovered to contain a remote code execution (RCE) vulnerability via the component mytag_main.php. | 9.8 |
2022-02-14 | CVE-2022-23337 | SQL Injection vulnerability in Dedecms 5.7.87: DedeCMS v5.7.87 was discovered to contain a SQL injection vulnerability in article_coonepage_rule.php via the ids parameter. | 9.8 |
2021-08-27 | CVE-2020-18114 | Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms 5.7: An arbitrary file upload vulnerability in the /uploads/dede component of DedeCMS V5.7SP2 allows attackers to upload a webshell in HTM format. | 9.8 |
2021-06-16 | CVE-2020-22198 | SQL Injection vulnerability in Dedecms 5.7: SQL Injection vulnerability in DedeCMS 5.7 via mdescription parameter to member/ajax_membergroup.php. | 9.8 |
2018-11-07 | CVE-2018-19061 | SQL Injection vulnerability in Dedecms 5.7: DedeCMS 5.7 SP2 has SQL Injection via the dede\co_do.php ids parameter. | 9.8 |
2018-06-08 | CVE-2018-12045 | Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms 5.5/5.6/5.7: DedeCMS through V5.7SP2 allows arbitrary file upload in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=upload request with an upfile1 parameter, as demonstrated by uploading a .php file. | 9.8 |
2018-04-25 | CVE-2018-10375 | Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms 5.7: A file uploading vulnerability exists in /include/helpers/upload.helper.php in DedeCMS V5.7 SP2, which can be utilized by attackers to upload and execute arbitrary PHP code via the /dede/archives_do.php?dopost=uploadLitpic litpic parameter when "Content-Type: image/jpeg" is sent, but the filename ends in .php and contains PHP code. | 9.8 |
2018-04-02 | CVE-2018-9175 | Code Injection vulnerability in Dedecms 5.7: DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via the egroup parameter to uploads/dede/stepselect_main.php because code within the database is accessible to uploads/dede/sys_cache_up.php. | 9.8 |
2018-04-02 | CVE-2018-9174 | Code Injection vulnerability in Dedecms 5.7: sys_verifies.php in DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via the refiles array parameter, because the contents of modifytmp.inc are under an attacker's control. | 9.8 |
2017-12-18 | CVE-2017-17731 | SQL Injection vulnerability in Dedecms 5.5/5.6: DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php. | 9.8 |