Dedecms: >> Dedecms Security Vulnerabilities
DedeCMS v5.7.97 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /file_manage_view.php?fmdo=edit&filename.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-02-02
dedecms <=V5.7.102 is vulnerable to SQL Injection. In sys_ sql_ n query.php there are no restrictions on the sql query.
CVSS Score
9.8
EPSS Score
0.001
Published
2022-12-27
An arbitrary file upload vulnerability in the component /dede/file_manage_control.php of Dedecms v5.7.101 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is related to an incomplete fix for CVE-2022-40886.
CVSS Score
6.7
EPSS Score
0.0
Published
2022-11-17
DedeCMS v6.1.9 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add Administrator accounts and modify Admin passwords.
CVSS Score
8.8
EPSS Score
0.003
Published
2022-11-09
DedeCMS V5.7.99 was discovered to contain an arbitrary file upload vulnerability via the component /dede/file_manage_control.php.
CVSS Score
7.2
EPSS Score
0.001
Published
2022-10-12
DedeCMS 5.7.98 has a file upload vulnerability in the background.
CVSS Score
7.2
EPSS Score
0.001
Published
2022-10-03
DedeCMS V5.7.97 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/co_do.php via the dopost, rpok, and aid parameters.
CVSS Score
6.1
EPSS Score
0.001
Published
2022-09-01
DedeCMS v5.7.93 - v5.7.96 was discovered to contain a remote code execution vulnerability in login.php.
CVSS Score
9.8
EPSS Score
0.056
Published
2022-08-17
DedeCMS v5.7.94 - v5.7.97 was discovered to contain a remote code execution vulnerability in member_toadmin.php.
CVSS Score
7.2
EPSS Score
0.012
Published
2022-08-17
DedeCMS v5.7.95 was discovered to contain a remote code execution (RCE) vulnerability via the component mytag_ main.php.
CVSS Score
9.8
EPSS Score
0.648
Published
2022-07-29