Total
88 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-40876 | 1 Dedecms | 1 Dedecms | 2023-12-10 | N/A | 5.4 MEDIUM |
DedeCMS up to and including 5.7.110 was discovered to contain a cross-site scripting (XSS) vulnerability at /dede/freelist_add.php via the title parameter. | |||||
CVE-2023-40874 | 1 Dedecms | 1 Dedecms | 2023-12-10 | N/A | 5.4 MEDIUM |
DedeCMS up to and including 5.7.110 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/vote_add.php via the votename and voteitem1 parameters. | |||||
CVE-2023-40877 | 1 Dedecms | 1 Dedecms | 2023-12-10 | N/A | 5.4 MEDIUM |
DedeCMS up to and including 5.7.110 was discovered to contain a cross-site scripting (XSS) vulnerability at /dede/freelist_edit.php via the title parameter. | |||||
CVE-2023-40784 | 1 Dedecms | 1 Dedecms | 2023-12-10 | N/A | 9.8 CRITICAL |
DedeCMS 5.7.102 has a File Upload vulnerability via uploads/dede/module_make.php. | |||||
CVE-2023-27733 | 1 Dedecms | 1 Dedecms | 2023-12-10 | N/A | 7.2 HIGH |
DedeCMS v5.7.106 was discovered to contain a SQL injection vulnerability via the component /dede/sys_sql_query.php. | |||||
CVE-2023-31757 | 1 Dedecms | 1 Dedecms | 2023-12-10 | N/A | 5.4 MEDIUM |
DedeCMS up to v5.7.108 is vulnerable to XSS in sys_info.php via parameters 'edit___cfg_powerby' and 'edit___cfg_beian' | |||||
CVE-2023-30380 | 1 Dedecms | 1 Dedecms | 2023-12-10 | N/A | 7.5 HIGH |
An issue in the component /dialog/select_media.php of DedeCMS v5.7.107 allows attackers to execute a directory traversal. | |||||
CVE-2023-27707 | 1 Dedecms | 1 Dedecms | 2023-12-10 | N/A | 7.2 HIGH |
SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank_* parameter in the /dede/group_store.php endpoint. | |||||
CVE-2023-27709 | 1 Dedecms | 1 Dedecms | 2023-12-10 | N/A | 7.2 HIGH |
SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank_* parameter in the /dedestory_catalog.php endpoint. | |||||
CVE-2022-48140 | 1 Dedecms | 1 Dedecms | 2023-12-10 | N/A | 5.4 MEDIUM |
DedeCMS v5.7.97 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /file_manage_view.php?fmdo=edit&filename. | |||||
CVE-2022-46442 | 1 Dedecms | 1 Dedecms | 2023-12-10 | N/A | 9.8 CRITICAL |
dedecms <=V5.7.102 is vulnerable to SQL Injection. In sys_ sql_ n query.php there are no restrictions on the sql query. | |||||
CVE-2022-43192 | 1 Dedecms | 1 Dedecms | 2023-12-10 | N/A | 6.7 MEDIUM |
An arbitrary file upload vulnerability in the component /dede/file_manage_control.php of Dedecms v5.7.101 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is related to an incomplete fix for CVE-2022-40886. | |||||
CVE-2022-40921 | 1 Dedecms | 1 Dedecms | 2023-12-10 | N/A | 7.2 HIGH |
DedeCMS V5.7.99 was discovered to contain an arbitrary file upload vulnerability via the component /dede/file_manage_control.php. | |||||
CVE-2022-36216 | 1 Dedecms | 1 Dedecms | 2023-12-10 | N/A | 7.2 HIGH |
DedeCMS v5.7.94 - v5.7.97 was discovered to contain a remote code execution vulnerability in member_toadmin.php. | |||||
CVE-2022-40886 | 1 Dedecms | 1 Dedecms | 2023-12-10 | N/A | 7.2 HIGH |
DedeCMS 5.7.98 has a file upload vulnerability in the background. | |||||
CVE-2022-34531 | 1 Dedecms | 1 Dedecms | 2023-12-10 | N/A | 9.8 CRITICAL |
DedeCMS v5.7.95 was discovered to contain a remote code execution (RCE) vulnerability via the component mytag_ main.php. | |||||
CVE-2022-35516 | 1 Dedecms | 1 Dedecms | 2023-12-10 | N/A | 9.8 CRITICAL |
DedeCMS v5.7.93 - v5.7.96 was discovered to contain a remote code execution vulnerability in login.php. | |||||
CVE-2022-36583 | 1 Dedecms | 1 Dedecms | 2023-12-10 | N/A | 6.1 MEDIUM |
DedeCMS V5.7.97 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/co_do.php via the dopost, rpok, and aid parameters. | |||||
CVE-2022-43031 | 1 Dedecms | 1 Dedecms | 2023-12-10 | N/A | 8.8 HIGH |
DedeCMS v6.1.9 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add Administrator accounts and modify Admin passwords. | |||||
CVE-2022-23337 | 1 Dedecms | 1 Dedecms | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
DedeCMS v5.7.87 was discovered to contain a SQL injection vulnerability in article_coonepage_rule.php via the ids parameter. |