Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / dedecms

dedecms

165 tracked vulnerabilities.

CVE-2026-30643 CRITICAL

dedecms < 5.7.118 - Remote Code Execution via Crafted Setup Tag Values

CVE-2026-29839 HIGH

DedeCMS v5.7.118 - Cross-Site Request Forgery in sys_task_add.php

CVE-2026-30694 CRITICAL

DedeCMS <=5.7.118 array_filter - Remote Code Execution

CVE-2025-15004 MEDIUM

dedecms < 5.7.118 - SQL Injection via freelist_main.php orderby Parameter

CVE-2025-6335 MEDIUM

dedecms < 5.7.2 - Remote Command Injection via Template Handler

CVE-2025-5137 MEDIUM

DedeCMS 5.7.117 - Remote Code Injection via sys_verifies.php refiles Parameter

CVE-2024-30855 HIGH

DedeCMS v5.7 - Cross-Site Request Forgery via makehtml_list_action.php

CVE-2024-57241 MEDIUM NUCLEI

dedecms 5.71sp1 - URL Redirection via GET Request

CVE-2024-12183 LOW

dedecms < 5.7.116 - Cross-Site Scripting via RemoveXSS Function in /plus/carbuyaction.php

CVE-2024-12182 LOW

dedecms < 5.7.116 - Cross-Site Scripting via /member/soft_add.php body Parameter

CVE-2024-12181 LOW

dedecms < 5.7.116 - Cross-Site Scripting via mediatype Parameter in SWF File Handler

CVE-2024-12180 LOW

dedecms < 5.7.116 - Cross-Site Scripting via article_add.php body Parameter

CVE-2024-11138 LOW

DedeCMS 5.7.116 - Unrestricted File Upload via logoimg Parameter

CVE-2024-9076 MEDIUM

dedecms < 5.7.115 - OS Command Injection via article_string_mix.php

CVE-2024-46373 HIGH

dedecms V5.7.115 - Authenticated Arbitrary Code Execution via File Upload

CVE-2024-46372 MEDIUM

dedecms 5.7.115 - Stored Cross-Site Scripting via Advertisement Code Box

CVE-2024-42636 HIGH

DedeCMS V5.7.115 - Command Injection

CVE-2024-6940 MEDIUM

DedeCMS 5.7.114 - Remote Code Injection in article_template_rand.php

CVE-2024-35510 CRITICAL

dedecms v5.7.114 - Arbitrary File Upload via file_manage_control.php

CVE-2024-35375 CRITICAL

dedecms 5.7.114 - Unauthenticated Arbitrary File Upload via Media Add Page

CVE-2024-34959 MEDIUM

dedecms V5.7.113 - Cross-Site Scripting via sys_data_replace.php

CVE-2024-4790 MEDIUM

DedeCMS 5.7.114 - Path Traversal via sys_verifies.php filename Parameter

CVE-2024-34245 MEDIUM

dedecms v5.7.114 - Authenticated Arbitrary File Read via makehtml_js_action.php

CVE-2024-4594 MEDIUM

DedeCMS 5.7 - Cross-Site Request Forgery in sys_safe.php

CVE-2024-4593 MEDIUM

DedeCMS 5.7 - Cross-Site Request Forgery in sys_multiserv.php

Page 1 of 7 Next

Products

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy