Total
160 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-6335 | 1 Dedecms | 1 Dedecms | 2025-07-18 | N/A | 7.2 HIGH |
| A vulnerability was found in DedeCMS up to 5.7.2 and classified as critical. This issue affects some unknown processing of the file /include/dedetag.class.php of the component Template Handler. The manipulation of the argument notes leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5137 | 1 Dedecms | 1 Dedecms | 2025-06-10 | N/A | 7.2 HIGH |
| A vulnerability was found in DedeCMS 5.7.117. It has been classified as critical. Affected is an unknown function of the file dede/sys_verifies.php?action=getfiles of the component Incomplete Fix CVE-2018-9175. The manipulation of the argument refiles leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-22895 | 1 Dedecms | 1 Dedecms | 2025-06-05 | N/A | 8.8 HIGH |
| DedeCMS 5.7.112 has a File Upload vulnerability via uploads/dede/module_upload.php. | |||||
| CVE-2023-49493 | 1 Dedecms | 1 Dedecms | 2025-05-28 | N/A | 6.1 MEDIUM |
| DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the v parameter at selectimages.php. | |||||
| CVE-2022-43031 | 1 Dedecms | 1 Dedecms | 2025-05-01 | N/A | 8.8 HIGH |
| DedeCMS v6.1.9 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add Administrator accounts and modify Admin passwords. | |||||
| CVE-2022-43192 | 1 Dedecms | 1 Dedecms | 2025-04-29 | N/A | 6.7 MEDIUM |
| An arbitrary file upload vulnerability in the component /dede/file_manage_control.php of Dedecms v5.7.101 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is related to an incomplete fix for CVE-2022-40886. | |||||
| CVE-2022-46442 | 1 Dedecms | 1 Dedecms | 2025-04-11 | N/A | 9.8 CRITICAL |
| dedecms <=V5.7.102 is vulnerable to SQL Injection. In sys_ sql_ n query.php there are no restrictions on the sql query. | |||||
| CVE-2024-3685 | 1 Dedecms | 1 Dedecms | 2025-04-08 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in DedeCMS 5.7.112-UTF8. Affected is an unknown function of the file stepselect_main.php. The manipulation of the argument ids leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260472. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-3686 | 1 Dedecms | 1 Dedecms | 2025-04-08 | N/A | 7.5 HIGH |
| A vulnerability has been found in DedeCMS 5.7.112-UTF8 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file update_guide.php. The manipulation of the argument files leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260473 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-4790 | 1 Dedecms | 1 Dedecms | 2025-04-04 | N/A | 7.5 HIGH |
| A vulnerability classified as problematic has been found in DedeCMS 5.7.114. This affects an unknown part of the file /sys_verifies.php?action=view. The manipulation of the argument filename with the input ../../../../../etc/passwd leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263889 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-34959 | 1 Dedecms | 1 Dedecms | 2025-04-01 | N/A | N/A |
| DedeCMS V5.7.113 is vulnerable to Cross Site Scripting (XSS) via sys_data_replace.php. | |||||
| CVE-2024-35510 | 1 Dedecms | 1 Dedecms | 2025-04-01 | N/A | N/A |
| An arbitrary file upload vulnerability in /dede/file_manage_control.php of DedeCMS v5.7.114 allows attackers to execute arbitrary code via uploading a crafted file. | |||||
| CVE-2024-34245 | 1 Dedecms | 1 Dedecms | 2025-04-01 | N/A | N/A |
| An arbitrary file read vulnerability in DedeCMS v5.7.114 allows authenticated attackers to read arbitrary files by specifying any path in makehtml_js_action.php. | |||||
| CVE-2024-33749 | 1 Dedecms | 1 Dedecms | 2025-04-01 | N/A | N/A |
| DedeCMS V5.7.114 is vulnerable to deletion of any file via mail_file_manage.php. | |||||
| CVE-2024-29660 | 1 Dedecms | 1 Dedecms | 2025-04-01 | N/A | N/A |
| Cross Site Scripting vulnerability in DedeCMS v.5.7 allows a local attacker to execute arbitrary code via a crafted payload to the stepselect_main.php component. | |||||
| CVE-2024-30946 | 1 Dedecms | 1 Dedecms | 2025-04-01 | N/A | N/A |
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /src/dede/co_do.php. | |||||
| CVE-2024-29661 | 1 Dedecms | 1 Dedecms | 2025-04-01 | N/A | N/A |
| A File Upload vulnerability in DedeCMS v5.7 allows a local attacker to execute arbitrary code via a crafted payload. | |||||
| CVE-2024-35375 | 1 Dedecms | 1 Dedecms | 2025-04-01 | N/A | N/A |
| There is an arbitrary file upload vulnerability on the media add .php page in the backend of the website in version 5.7.114 of DedeCMS | |||||
| CVE-2024-30965 | 1 Dedecms | 1 Dedecms | 2025-04-01 | N/A | N/A |
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /src/dede/member_scores.php. | |||||
| CVE-2024-57241 | 1 Dedecms | 1 Dedecms | 2025-04-01 | N/A | N/A |
| Dedecms 5.71sp1 and earlier is vulnerable to URL redirect. In the web application, a logic error does not judge the input GET request resulting in URL redirection. | |||||