Dedebiz: >> Dedebiz Security Vulnerabilities
A security vulnerability has been detected in DedeBIZ up to 6.5.9. Affected by this vulnerability is an unknown functionality of the file /src/admin/catalog_add.php. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.
CVSS Score
4.7
EPSS Score
0.003
Published
2025-12-14
A security vulnerability has been detected in DedeBIZ up to 6.3.2. The impacted element is an unknown function of the file /admin/archives_add.php. Such manipulation of the argument flags[] leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.
CVSS Score
4.7
EPSS Score
0.0
Published
2025-11-10
A vulnerability was determined in DedeBIZ up to 6.3.2. Affected by this vulnerability is an unknown functionality of the file /admin/spec_add.php. This manipulation of the argument flags[] causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.
CVSS Score
4.7
EPSS Score
0.0
Published
2025-11-07
A vulnerability was found in DedeBIZ up to 6.3.2. Affected is an unknown function of the file /admin/freelist_main.php. The manipulation of the argument orderby results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.
CVSS Score
4.7
EPSS Score
0.0
Published
2025-11-07
A vulnerability has been found in DedeBIZ up to 6.3.2. This impacts an unknown function of the file /admin/templets_one_edit.php. The manipulation of the argument ids leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
CVSS Score
4.7
EPSS Score
0.0
Published
2025-11-07
An arbitrary file upload vulnerability in the component /admin/file_manage_control of DedeBIZ v6.3.0 allows attackers to execute arbitrary code via uploading a crafted file.
CVSS Score
9.8
EPSS Score
0.008
Published
2024-11-20
DedeBIZ v6.3.0 was discovered to contain an arbitrary file deletion vulnerability via the component /admin/file_manage_view.
CVSS Score
9.1
EPSS Score
0.009
Published
2024-11-20
An arbitrary file upload vulnerability in the component /admin/friendlink_edit of DedeBIZ v6.3.0 allows attackers to execute arbitrary code via uploading a crafted file.
CVSS Score
7.2
EPSS Score
0.003
Published
2024-11-20
A cross-site scripting (XSS) vulnerability in DedeBIZ v6.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVSS Score
6.1
EPSS Score
0.003
Published
2024-08-29
A cross-site scripting (XSS) vulnerability in DedeBIZ v6.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVSS Score
6.1
EPSS Score
0.003
Published
2024-08-29
Page 1