Vulnerabilities > Dedecms > High

DATE CVE VULNERABILITY TITLE RISK
2023-04-27 CVE-2023-30380 Path Traversal vulnerability in Dedecms 5.7.107
An issue in the component /dialog/select_media.php of DedeCMS v5.7.107 allows attackers to execute a directory traversal.
network
low complexity
dedecms CWE-22
7.5
7.5
2023-04-17 CVE-2023-27733 SQL Injection vulnerability in Dedecms 5.7.106
DedeCMS v5.7.106 was discovered to contain a SQL injection vulnerability via the component /dede/sys_sql_query.php.
network
low complexity
dedecms CWE-89
7.2
7.2
2023-03-16 CVE-2023-27707 SQL Injection vulnerability in Dedecms
SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank_* parameter in the /dede/group_store.php endpoint.
network
low complexity
dedecms CWE-89
7.2
7.2
2023-03-16 CVE-2023-27709 SQL Injection vulnerability in Dedecms
SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank_* parameter in the /dedestory_catalog.php endpoint.
network
low complexity
dedecms CWE-89
7.2
7.2
2022-11-09 CVE-2022-43031 Cross-Site Request Forgery (CSRF) vulnerability in Dedecms 6.1.9
DedeCMS v6.1.9 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add Administrator accounts and modify Admin passwords.
network
low complexity
dedecms CWE-352
8.8
8.8
2022-10-12 CVE-2022-40921 Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms 5.7.99
DedeCMS V5.7.99 was discovered to contain an arbitrary file upload vulnerability via the component /dede/file_manage_control.php.
network
low complexity
dedecms CWE-434
7.2
7.2
2022-10-03 CVE-2022-40886 Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms 5.7.98
DedeCMS 5.7.98 has a file upload vulnerability in the background.
network
low complexity
dedecms CWE-434
7.2
7.2
2022-02-14 CVE-2022-23337 SQL Injection vulnerability in Dedecms 5.7.87
DedeCMS v5.7.87 was discovered to contain a SQL injection vulnerability in article_coonepage_rule.php via the ids parameter.
network
low complexity
dedecms CWE-89
7.5
7.5
2021-08-27 CVE-2020-18114 Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms 5.7
An arbitrary file upload vulnerability in the /uploads/dede component of DedeCMS V5.7SP2 allows attackers to upload a webshell in HTM format.
network
low complexity
dedecms CWE-434
7.5
7.5
2021-06-16 CVE-2020-22198 SQL Injection vulnerability in Dedecms 5.7
SQL Injection vulnerability in DedeCMS 5.7 via mdescription parameter to member/ajax_membergroup.php.
network
low complexity
dedecms CWE-89
7.5
7.5