Dedecms 5.6 Security Vulnerabilities
DedeCMS through V5.7SP2 allows arbitrary file upload in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=upload request with an upfile1 parameter, as demonstrated by uploading a .php file.
CVSS Score: 9.8
EPSS Score: 0.006
Published: 2018-06-08
DedeCMS through 5.7SP2 allows arbitrary file write in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=newfile request with name and str parameters, as demonstrated by writing to a new .php file.
CVSS Score: 7.5
EPSS Score: 0.002
Published: 2018-06-08
DedeCMS through 5.6 allows arbitrary file upload and PHP code execution by embedding the PHP code in a .jpg file, which is used in the templet parameter to member/article_edit.php.
CVSS Score: 8.8
EPSS Score: 0.007
Published: 2017-12-18
DedeCMS through 5.7 has SQL Injection via the logo parameter to plus/flink_add.php.
CVSS Score: 9.8
EPSS Score: 0.003
Published: 2017-12-18
DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php.
CVSS Score: 9.8
EPSS Score: 0.849
Published: 2017-12-18
Multiple SQL injection vulnerabilities in DeDeCMS, possibly 5.6, allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) list.php, (2) members.php, or (3) book.php.
CVSS Score: 7.5
EPSS Score: 0.003
Published: 2012-09-23
Shodan ® - All rights reserved