Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / dedecms

dedecms

165 tracked vulnerabilities.

CVE-2024-28429 MEDIUM

DedeCMS v5.7 - Cross-Site Request Forgery via archives_do.php

CVE-2024-22895 HIGH

DedeCMS 5.7.112 - Unrestricted Upload of File with Dangerous Type via module_upload.php

CVE-2023-52047 HIGH

dedecms v5.7.112 - Cross-Site Request Forgery in File Manager

CVE-2023-7212 MEDIUM

dedecms < 5.7.112 - Unrestricted File Upload in Backend file_class.php

CVE-2023-49494 MEDIUM NUCLEI

dedecms v5.7.111 - Reflected Cross-Site Scripting via select_media_post_wangEditor.php

CVE-2023-49493 MEDIUM

dedecms v5.7.111 - Reflected Cross-Site Scripting via selectimages.php v Parameter

CVE-2023-49492 MEDIUM

dedecms v5.7.111 - Reflected Cross-Site Scripting via imgstick Parameter

CVE-2023-43275 HIGH

DedeCMS v5.7 - Cross-Site Request Forgery via /catalog_add.php

CVE-2023-48068 MEDIUM

dedecms v6.2 - Cross-Site Scripting via spec_add.php

CVE-2023-5301 MEDIUM

dedecms 5.7.111 - OS Command Injection via albumUploadFiles Parameter in album_add.php

CVE-2023-43226 HIGH

dedecms < 5.7.111 - Arbitrary File Upload via Baidu News Module

CVE-2023-5022 MEDIUM

dedecms < 5.7.100 - Absolute Path Traversal via activepath Parameter

CVE-2023-40784 CRITICAL

dedecms 5.7.102 - Unrestricted Upload of File with Dangerous Type via module_make.php

CVE-2023-4747 MEDIUM

DedeCMS 5.7.110 - SQL Injection via tag_alias Parameter in tags.php

CVE-2023-40877 MEDIUM

dedecms <= 5.7.110 - Cross-Site Scripting via Title Parameter

CVE-2023-40876 MEDIUM

dedecms <= 5.7.110 - Cross-Site Scripting via Title Parameter

CVE-2023-40875 MEDIUM

dedecms <= 5.7.110 - Cross-Site Scripting via votename and votenote Parameters

CVE-2023-40874 MEDIUM

dedecms <= 5.7.110 - Cross-Site Scripting via votename and voteitem1 Parameters

CVE-2023-36298 HIGH

DedeCMS v5.7.109 - Unrestricted File Upload leading to Remote Code Execution

CVE-2023-34842 CRITICAL

dedecms <= 5.7.109 - Remote Code Execution via Crafted POST Request to /dede/tpl.php

CVE-2023-37839 CRITICAL

dedecms v5.7.109 - Arbitrary File Upload via file_manage_control.php

CVE-2023-3578 MEDIUM NUCLEI

dedecms 5.7.109 - Server-Side Request Forgery via co_do.php rssurl Parameter

CVE-2023-2928 MEDIUM

dedecms < 5.7.106 - Remote Code Injection via article_allowurl_edit.php allurls Parameter

CVE-2023-31757 MEDIUM

dedecms <= 5.7.108 - Cross-Site Scripting via sys_info.php Parameters

CVE-2023-2424 MEDIUM

DedeCMS 5.7.106 - Unrestricted File Upload via UpDateMemberModCache Function

Previous Page 4 of 7 Next

Products

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy