Description
Multiple SQL injection vulnerabilities in DeDeCMS, possibly 5.6, allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) list.php, (2) members.php, or (3) book.php.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by CWH & Nafsh · textwebappsphp
https://www.exploit-db.com/exploits/18292
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/82508
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/82506
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/82507
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/72034
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/18292
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/51211
Scores
EPSS
0.0034
EPSS Percentile
56.2%
Details
CWE
CWE-89
Status
published
Products (1)
dedecms/dedecms
5.6
Published
Sep 23, 2012
Tracked Since
Feb 18, 2026