Vulnerabilities > Dedecms > High

DATE CVE VULNERABILITY TITLE RISK
2024-09-22 CVE-2024-9076 OS Command Injection vulnerability in Dedecms
A vulnerability was found in DedeCMS up to 5.7.115.
network
low complexity
dedecms CWE-78
8.8
8.8
2024-07-21 CVE-2024-6940 Code Injection vulnerability in Dedecms 5.7.112
A vulnerability was found in DedeCMS 5.7.114.
network
low complexity
dedecms CWE-94
7.2
7.2
2024-01-22 CVE-2024-22895 Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms 5.7.112
DedeCMS 5.7.112 has a File Upload vulnerability via uploads/dede/module_upload.php.
network
low complexity
dedecms CWE-434
8.8
8.8
2023-11-16 CVE-2023-43275 Cross-Site Request Forgery (CSRF) vulnerability in Dedecms 5.7
Cross-Site Request Forgery (CSRF) vulnerability in DedeCMS v5.7 in 110 backend management interface via /catalog_add.php, allows attackers to create crafted web pages due to a lack of verification of the token value of the submitted form.
network
low complexity
dedecms CWE-352
8.8
8.8
2023-09-30 CVE-2023-5301 OS Command Injection vulnerability in Dedecms 5.7.111
A vulnerability classified as critical was found in DedeCMS 5.7.111.
network
low complexity
dedecms CWE-78
8.8
8.8
2023-09-28 CVE-2023-43226 Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms
An arbitrary file upload vulnerability in dede/baidunews.php in DedeCMS 5.7.111 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file.
network
low complexity
dedecms CWE-434
8.8
8.8
2023-09-17 CVE-2023-5022 Absolute Path Traversal vulnerability in Dedecms
A vulnerability has been found in DedeCMS up to 5.7.100 and classified as critical.
network
low complexity
dedecms CWE-36
8.8
8.8
2023-08-03 CVE-2023-36298 Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms 5.7.109
DedeCMS v5.7.109 has a File Upload vulnerability, leading to remote code execution (RCE).
network
low complexity
dedecms CWE-434
8.8
8.8
2023-05-27 CVE-2023-2928 Code Injection vulnerability in Dedecms
A vulnerability was found in DedeCMS up to 5.7.106.
network
low complexity
dedecms CWE-94
8.8
8.8
2023-04-29 CVE-2023-2424 Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms 5.7.106
A vulnerability was found in DedeCMS 5.7.106 and classified as critical.
network
low complexity
dedecms CWE-434
8.8
8.8