Vulnerabilities > Dedecms > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-04-14 CVE-2023-2059 Path Traversal: '..filedir' vulnerability in Dedecms 5.7.87
A vulnerability was found in DedeCMS 5.7.87.
network
low complexity
dedecms CWE-28
5.3
5.3
2023-02-02 CVE-2022-48140 Cross-site Scripting vulnerability in Dedecms 5.7.97
DedeCMS v5.7.97 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /file_manage_view.php?fmdo=edit&filename.
network
low complexity
dedecms CWE-79
5.4
5.4
2022-11-17 CVE-2022-43192 Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms 5.7.101
An arbitrary file upload vulnerability in the component /dede/file_manage_control.php of Dedecms v5.7.101 allows attackers to execute arbitrary code via a crafted PHP file.
local
low complexity
dedecms CWE-434
6.7
6.7
2022-05-26 CVE-2022-30508 Path Traversal vulnerability in Dedecms 5.7.93
DedeCMS v5.7.93 was discovered to contain arbitrary file deletion vulnerability in upload.php via the delete parameter.
network
low complexity
dedecms CWE-22
6.5
6.5
2021-10-22 CVE-2020-23046 Cross-site Scripting vulnerability in Dedecms 7.5
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tpl.php via the `filename`, `mid`, `userid`, and `templet' parameters.
network
dedecms CWE-79
4.3
4.3
2021-10-22 CVE-2020-36494 Cross-site Scripting vulnerability in Dedecms 7.5
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component mychannel_edit.php via the `filename`, `mid`, `userid`, and `templet' parameters.
network
dedecms CWE-79
4.3
4.3
2021-10-22 CVE-2020-36495 Cross-site Scripting vulnerability in Dedecms 7.5
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_view.php via the `filename`, `mid`, `userid`, and `templet' parameters.
network
dedecms CWE-79
4.3
4.3
2021-10-22 CVE-2020-36496 Cross-site Scripting vulnerability in Dedecms 7.5
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component sys_admin_user_edit.php via the `filename`, `mid`, `userid`, and `templet' parameters.
network
dedecms CWE-79
4.3
4.3
2021-10-22 CVE-2020-36497 Cross-site Scripting vulnerability in Dedecms 7.5
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component makehtml_homepage.php via the `filename`, `mid`, `userid`, and `templet' parameters.
network
dedecms CWE-79
4.3
4.3
2021-08-24 CVE-2020-18917 Cross-Site Request Forgery (CSRF) vulnerability in Dedecms 5.7
The plus/search.php component in DedeCMS 5.7 SP2 allows remote attackers to execute arbitrary PHP code via the typename parameter because the contents of typename.inc are under an attacker's control.
network
dedecms CWE-352
6.8
6.8