Vulnerabilities > Dedecms > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-27 | CVE-2023-30380 | Path Traversal vulnerability in Dedecms 5.7.107 An issue in the component /dialog/select_media.php of DedeCMS v5.7.107 allows attackers to execute a directory traversal. | 7.5 |
| 2023-04-17 | CVE-2023-27733 | SQL Injection vulnerability in Dedecms 5.7.106 DedeCMS v5.7.106 was discovered to contain a SQL injection vulnerability via the component /dede/sys_sql_query.php. | 7.2 |
| 2023-03-16 | CVE-2023-27707 | SQL Injection vulnerability in Dedecms SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank_* parameter in the /dede/group_store.php endpoint. | 7.2 |
| 2023-03-16 | CVE-2023-27709 | SQL Injection vulnerability in Dedecms SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank_* parameter in the /dedestory_catalog.php endpoint. | 7.2 |
| 2022-11-09 | CVE-2022-43031 | Cross-Site Request Forgery (CSRF) vulnerability in Dedecms 6.1.9 DedeCMS v6.1.9 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add Administrator accounts and modify Admin passwords. | 8.8 |
| 2022-10-12 | CVE-2022-40921 | Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms 5.7.99 DedeCMS V5.7.99 was discovered to contain an arbitrary file upload vulnerability via the component /dede/file_manage_control.php. | 7.2 |
| 2022-10-03 | CVE-2022-40886 | Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms 5.7.98 DedeCMS 5.7.98 has a file upload vulnerability in the background. | 7.2 |
| 2022-08-17 | CVE-2022-36216 | Code Injection vulnerability in Dedecms DedeCMS v5.7.94 - v5.7.97 was discovered to contain a remote code execution vulnerability in member_toadmin.php. | 7.2 |
| 2021-08-24 | CVE-2020-18917 | Cross-Site Request Forgery (CSRF) vulnerability in Dedecms 5.7 The plus/search.php component in DedeCMS 5.7 SP2 allows remote attackers to execute arbitrary PHP code via the typename parameter because the contents of typename.inc are under an attacker's control. | 8.8 |
| 2021-05-15 | CVE-2021-32073 | Cross-Site Request Forgery (CSRF) vulnerability in Dedecms 5.7 DedeCMS V5.7 SP2 contains a CSRF vulnerability that allows a remote attacker to send a malicious request to to the web manager allowing remote code execution. | 8.8 |