Dedecms: >> Dedecms >> 5.7 Security Vulnerabilities
DedeCMS 5.7 SP2 has SQL Injection via the dede\co_do.php ids parameter.
CVSS Score
9.8
EPSS Score
0.006
Published
2018-11-07
DedeCMS 5.7 SP2 allows XSS via the /member/uploads_select.php f or keyword parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-10-29
Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/myfriend.php ftype parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-10-29
DedeCMS 5.7 SP2 allows XSS via the function named GetPageList defined in the include/datalistcp.class.php file that is used to display the page numbers list at the bottom of some templates, as demonstrated by the PATH_INFO to /member/index.php, /member/pm.php, /member/content_list.php, or /plus/feedback.php.
CVSS Score
6.1
EPSS Score
0.079
Published
2018-10-23
DedeCMS 5.7 SP2 allows XSS via the plus/qrcode.php type parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-10-22
Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/pm.php folder parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-10-22
DedeCMS 5.7 SP2 allows XML injection, and resultant remote code execution, via a "<file type='file' name='../" substring.
CVSS Score
7.2
EPSS Score
0.029
Published
2018-09-21
DedeCMS 5.7 SP2 allows XSS via an onhashchange attribute in the msg parameter to /plus/feedback_ajax.php.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-09-21
XML injection vulnerability exists in the file of DedeCMS V5.7 SP2 version, which can be utilized by attackers to create script file to obtain webshell
CVSS Score
8.8
EPSS Score
0.007
Published
2018-09-19
DedeCMS through V5.7SP2 allows arbitrary file upload in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=upload request with an upfile1 parameter, as demonstrated by uploading a .php file.
CVSS Score
9.8
EPSS Score
0.006
Published
2018-06-08