Shodan
Vulnerabilities
Vulnerable Software
Dedecms:  >> Dedecms  Security Vulnerabilities
CVE-2020-36495
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_view.php via the `filename`, `mid`, `userid`, and `templet' parameters.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-10-22
CVE-2020-36496
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component sys_admin_user_edit.php via the `filename`, `mid`, `userid`, and `templet' parameters.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-10-22
CVE-2020-36497
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component makehtml_homepage.php via the `filename`, `mid`, `userid`, and `templet' parameters.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-10-22
CVE-2020-23044
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_pic_view.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-10-22
CVE-2020-23046
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tpl.php via the `filename`, `mid`, `userid`, and `templet' parameters.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-10-22
CVE-2020-18114
An arbitrary file upload vulnerability in the /uploads/dede component of DedeCMS V5.7SP2 allows attackers to upload a webshell in HTM format.
CVSS Score
9.8
EPSS Score
0.011
Published
2021-08-27
CVE-2020-18917
The plus/search.php component in DedeCMS 5.7 SP2 allows remote attackers to execute arbitrary PHP code via the typename parameter because the contents of typename.inc are under an attacker's control.
CVSS Score
8.8
EPSS Score
0.002
Published
2021-08-24
CVE-2020-22198
SQL Injection vulnerability in DedeCMS 5.7 via mdescription parameter to member/ajax_membergroup.php.
CVSS Score
9.8
EPSS Score
0.009
Published
2021-06-16
CVE-2020-16632
A XSS Vulnerability in /uploads/dede/action_search.php in DedeCMS V5.7 SP2 allows an authenticated user to execute remote arbitrary code via the keyword parameter.
CVSS Score
5.4
EPSS Score
0.004
Published
2021-05-15
CVE-2021-32073
DedeCMS V5.7 SP2 contains a CSRF vulnerability that allows a remote attacker to send a malicious request to to the web manager allowing remote code execution.
CVSS Score
8.8
EPSS Score
0.004
Published
2021-05-15


Products
Pricing
Contact Us

Shodan ® - All rights reserved