dedecms
165 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-30643
<= 5.7.118
An issue was discovered in DedeCMS 5.7.118 allowing attackers to execute code via crafted setup tag values in a module upload.
9.8
CRITICAL
CVE-2026-29839
all versions
DedeCMS v5.7.118 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability in /sys_task_add.php.
8.8
HIGH
CVE-2026-30694
<= 5.7.118
An issue in DedeCMS v.5.7.118 and before allows a remote attacker to execute arbitrary code via the array_filter component
9.8
CRITICAL
CVE-2024-30855
all versions
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /src/dede/makehtml_list_action.php.
8.8
HIGH
CVE-2025-15004
<= 5.7.118
A vulnerability was identified in DedeCMS up to 5.7.118. This impacts an unknown function of the file /freelist_main.php. The mani
6.3
MEDIUM
CVE-2025-6335
< 5.7.2
A vulnerability was found in DedeCMS up to 5.7.2 and classified as critical. This issue affects some unknown processing of the fil
4.7
MEDIUM
CVE-2025-5137
all versions
A vulnerability was found in DedeCMS 5.7.117. It has been classified as critical. Affected is an unknown function of the file dede
4.7
MEDIUM
CVE-2024-57241
all versions
Dedecms 5.71sp1 and earlier is vulnerable to URL redirect. In the web application, a logic error does not judge the input GET requ
6.5
MEDIUM
CVE-2024-12183
< 5.7.116
A vulnerability, which was classified as problematic, was found in DedeCMS 5.7.116. This affects the function RemoveXSS of the fil
3.5
LOW
CVE-2024-12182
< 5.7.116
A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7.116. Affected by this issue is some unknown fu
3.5
LOW
CVE-2024-12181
< 5.7.116
A vulnerability classified as problematic was found in DedeCMS 5.7.116. Affected by this vulnerability is an unknown functionality
3.5
LOW
CVE-2024-12180
< 5.7.116
A vulnerability classified as problematic has been found in DedeCMS 5.7.116. Affected is an unknown function of the file /member/a
3.5
LOW
CVE-2024-11138
all versions
A vulnerability classified as problematic has been found in DedeCMS 5.7.116. This affects an unknown part of the file /dede/upload
2.7
LOW
CVE-2024-9076
<= 5.7.115
A vulnerability was found in DedeCMS up to 5.7.115. It has been rated as critical. This issue affects some unknown processing of t
4.7
MEDIUM
CVE-2024-46373
all versions
Dedecms V5.7.115 contains an arbitrary code execution via file upload vulnerability in the backend.
8.8
HIGH
CVE-2024-46372
all versions
DedeCMS 5.7.115 is vulnerable to Cross Site Scripting (XSS) via the advertisement code box in the advertisement management module.
6.1
MEDIUM
CVE-2024-42636
all versions
DedeCMS V5.7.115 has a command execution vulnerability via file_manage_view.php?fmdo=newfile&activepath.
7.2
HIGH
CVE-2024-6940
all versions
A vulnerability was found in DedeCMS 5.7.114. It has been classified as critical. This affects an unknown part of the file article
4.7
MEDIUM
CVE-2024-35510
all versions
An arbitrary file upload vulnerability in /dede/file_manage_control.php of DedeCMS v5.7.114 allows attackers to execute arbitrary
9.8
CRITICAL
CVE-2024-35375
all versions
There is an arbitrary file upload vulnerability on the media add .php page in the backend of the website in version 5.7.114 of Ded
9.8
CRITICAL
CVE-2024-34959
all versions
DedeCMS V5.7.113 is vulnerable to Cross Site Scripting (XSS) via sys_data_replace.php.
5.5
MEDIUM
CVE-2024-4790
all versions
A vulnerability classified as problematic has been found in DedeCMS 5.7.114. This affects an unknown part of the file /sys_verifie
4.3
MEDIUM
CVE-2024-34245
all versions
An arbitrary file read vulnerability in DedeCMS v5.7.114 allows authenticated attackers to read arbitrary files by specifying any
6.5
MEDIUM
CVE-2024-4594
all versions
A vulnerability, which was classified as problematic, was found in DedeCMS 5.7. Affected is an unknown function of the file /src/d
4.3
MEDIUM
CVE-2024-4593
all versions
A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7. This issue affects some unknown processing of
4.3
MEDIUM
CVE-2024-4592
all versions
A vulnerability classified as problematic was found in DedeCMS 5.7. This vulnerability affects unknown code of the file /src/dede/
4.3
MEDIUM
CVE-2024-4591
all versions
A vulnerability classified as problematic has been found in DedeCMS 5.7. This affects an unknown part of the file /src/dede/sys_gr
4.3
MEDIUM
CVE-2024-4590
all versions
A vulnerability was found in DedeCMS 5.7. It has been rated as problematic. Affected by this issue is some unknown functionality o
4.3
MEDIUM
CVE-2024-4589
all versions
A vulnerability was found in DedeCMS 5.7. It has been declared as problematic. Affected by this vulnerability is an unknown functi
4.3
MEDIUM
CVE-2024-4588
all versions
A vulnerability was found in DedeCMS 5.7. It has been classified as problematic. Affected is an unknown function of the file /src/
4.3
MEDIUM
CVE-2024-4587
all versions
A vulnerability was found in DedeCMS 5.7 and classified as problematic. This issue affects some unknown processing of the file /sr
4.3
MEDIUM
CVE-2024-4586
all versions
A vulnerability has been found in DedeCMS 5.7 and classified as problematic. This vulnerability affects unknown code of the file /
4.3
MEDIUM
CVE-2024-4585
all versions
A vulnerability, which was classified as problematic, was found in DedeCMS 5.7. This affects an unknown part of the file /src/dede
4.3
MEDIUM
CVE-2024-33749
all versions
DedeCMS V5.7.114 is vulnerable to deletion of any file via mail_file_manage.php.
9.1
CRITICAL
CVE-2024-33371
all versions
Cross Site Scripting vulnerability in DedeCMS v.5.7.113 allows a remote attacker to execute arbitrary code via the typeid paramete
6.1
MEDIUM
CVE-2024-33401
all versions
Cross Site Scripting vulnerability in DedeCMS v.5.7.113 allows a remote attacker to run arbitrary code via the mnum parameter.
4.4
MEDIUM
CVE-2024-29660
all versions
Cross Site Scripting vulnerability in DedeCMS v.5.7 allows a local attacker to execute arbitrary code via a crafted payload to the
5.3
MEDIUM
CVE-2024-29661
all versions
A File Upload vulnerability in DedeCMS v5.7 allows a local attacker to execute arbitrary code via a crafted payload.
9.8
CRITICAL
CVE-2024-3686
all versions
A vulnerability has been found in DedeCMS 5.7.112-UTF8 and classified as problematic. Affected by this vulnerability is an unknown
4.3
MEDIUM
CVE-2024-3685
all versions
A vulnerability, which was classified as critical, was found in DedeCMS 5.7.112-UTF8. Affected is an unknown function of the file
6.3
MEDIUM
CVE-2024-30965
all versions
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /src/dede/member_scores.php.
8.8
HIGH
CVE-2024-30946
all versions
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /src/dede/co_do.php.
5.5
MEDIUM
CVE-2024-3148
all versions
A vulnerability, which was classified as critical, has been found in DedeCMS 5.7.112. This issue affects some unknown processing o
6.3
MEDIUM
CVE-2024-3147
all versions
A vulnerability classified as problematic was found in DedeCMS 5.7. This vulnerability affects unknown code of the file /src/dede/
4.3
MEDIUM
CVE-2024-3146
all versions
A vulnerability classified as problematic has been found in DedeCMS 5.7. This affects an unknown part of the file /src/dede/makeht
4.3
MEDIUM
CVE-2024-3145
all versions
A vulnerability was found in DedeCMS 5.7. It has been rated as problematic. Affected by this issue is some unknown functionality o
4.3
MEDIUM
CVE-2024-3144
all versions
A vulnerability was found in DedeCMS 5.7. It has been declared as problematic. Affected by this vulnerability is an unknown functi
4.3
MEDIUM
CVE-2024-3143
all versions
A vulnerability was found in DedeCMS 5.7. It has been classified as problematic. Affected is an unknown function of the file /src/
4.3
MEDIUM
CVE-2024-29684
all versions
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /src/dede/makehtml_homepage.php allow
9.8
CRITICAL
CVE-2024-2823
all versions
A vulnerability has been found in DedeCMS 5.7 and classified as problematic. This vulnerability affects unknown code of the file /
4.3
MEDIUM
CVE-2024-2822
all versions
A vulnerability, which was classified as problematic, was found in DedeCMS 5.7. This affects an unknown part of the file /src/dede
4.3
MEDIUM
CVE-2024-2821
all versions
A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7. Affected by this issue is some unknown functi
4.3
MEDIUM
CVE-2024-2820
all versions
A vulnerability classified as problematic was found in DedeCMS 5.7. Affected by this vulnerability is an unknown functionality of
4.3
MEDIUM
CVE-2024-28683
all versions
DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via create file.
6.1
MEDIUM
CVE-2024-28682
all versions
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/sys_cache_up.php.
6.3
MEDIUM
CVE-2024-28681
all versions
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/plus_edit.php.
6.1
MEDIUM
CVE-2024-28680
all versions
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/diy_add.php.
6.1
MEDIUM
CVE-2024-28679
all versions
DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via Photo Collection.
6.1
MEDIUM
CVE-2024-28678
all versions
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/article_descripti
6.3
MEDIUM
CVE-2024-28677
all versions
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/article_keywords_main.php.
6.1
MEDIUM
CVE-2024-28676
all versions
DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via /dede/article_edit.php.
6.1
MEDIUM
CVE-2024-28673
all versions
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/mychannel_edit.php.
8.8
HIGH
CVE-2024-28672
all versions
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/media_edit.php.
5.4
MEDIUM
CVE-2024-28671
all versions
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/stepselect_main.php.
8.8
HIGH
CVE-2024-28670
all versions
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/freelist_main.php.
6.1
MEDIUM
CVE-2024-28669
all versions
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/freelist_edit.php.
5.4
MEDIUM
CVE-2024-28684
all versions
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/module_main.php
8.8
HIGH
CVE-2024-28675
all versions
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/diy_edit.php
8.8
HIGH
CVE-2024-28668
all versions
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/mychannel_add.php
6.1
MEDIUM
CVE-2024-28667
all versions
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/templets_one_edit
6.1
MEDIUM
CVE-2024-28666
all versions
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/media_add.php
5.5
MEDIUM
CVE-2024-28665
all versions
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/article_add.php
8.8
HIGH
CVE-2024-28432
all versions
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/article_edit.php.
8.8
HIGH
CVE-2024-28431
all versions
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/catalog_del.php.
8.8
HIGH
CVE-2024-28430
all versions
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/catalog_edit.php.
6.1
MEDIUM
CVE-2024-28429
all versions
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/archives_do.php
5.5
MEDIUM
CVE-2023-52047
all versions
Dedecms v5.7.112 was discovered to contain a Cross-Site Request Forgery (CSRF) in the file manager.
8.8
HIGH
CVE-2024-22895
all versions
DedeCMS 5.7.112 has a File Upload vulnerability via uploads/dede/module_upload.php.
8.8
HIGH
CVE-2023-7212
<= 5.7.112
A vulnerability classified as critical has been found in DeDeCMS up to 5.7.112. Affected is an unknown function of the file file_c
4.7
MEDIUM
CVE-2023-49494
all versions
DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component select_media_po
6.1
MEDIUM
CVE-2023-49493
all versions
DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the v parameter at selectimag
6.1
MEDIUM
CVE-2023-49492
all versions
DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the imgstick parameter at sel
6.1
MEDIUM
CVE-2023-43275
all versions
Cross-Site Request Forgery (CSRF) vulnerability in DedeCMS v5.7 in 110 backend management interface via /catalog_add.php, allows a
8.8
HIGH
CVE-2023-48068
all versions
DedeCMS v6.2 was discovered to contain a Cross-site Scripting (XSS) vulnerability via spec_add.php.
5.4
MEDIUM
CVE-2023-5301
all versions
A vulnerability classified as critical was found in DedeCMS 5.7.111. This vulnerability affects the function AddMyAddon of the fil
4.7
MEDIUM
CVE-2023-43226
<= 5.7.111
An arbitrary file upload vulnerability in dede/baidunews.php in DedeCMS 5.7.111 and earlier allows attackers to execute arbitrary
8.8
HIGH
CVE-2023-5022
<= 5.7.100
A vulnerability has been found in DedeCMS up to 5.7.100 and classified as critical. Affected by this vulnerability is an unknown f
5.5
MEDIUM
CVE-2023-40784
all versions
DedeCMS 5.7.102 has a File Upload vulnerability via uploads/dede/module_make.php.
9.8
CRITICAL
CVE-2023-4747
all versions
A vulnerability classified as critical was found in DedeCMS 5.7.110. This vulnerability affects unknown code of the file /uploads/
6.3
MEDIUM
CVE-2023-40877
<= 5.7.110
DedeCMS up to and including 5.7.110 was discovered to contain a cross-site scripting (XSS) vulnerability at /dede/freelist_edit.ph
5.4
MEDIUM
CVE-2023-40876
<= 5.7.110
DedeCMS up to and including 5.7.110 was discovered to contain a cross-site scripting (XSS) vulnerability at /dede/freelist_add.php
5.4
MEDIUM
CVE-2023-40875
<= 5.7.110
DedeCMS up to and including 5.7.110 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/vote_ed
5.4
MEDIUM
CVE-2023-40874
<= 5.7.110
DedeCMS up to and including 5.7.110 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/vote_ad
5.4
MEDIUM
CVE-2023-36298
all versions
DedeCMS v5.7.109 has a File Upload vulnerability, leading to remote code execution (RCE).
8.8
HIGH
CVE-2023-34842
<= 5.7.109
Remote Code Execution vulnerability in DedeCMS through 5.7.109 allows remote attackers to run arbitrary code via crafted POST requ
9.8
CRITICAL
CVE-2023-37839
all versions
An arbitrary file upload vulnerability in /dede/file_manage_control.php of DedeCMS v5.7.109 allows attackers to execute arbitrary
9.8
CRITICAL
CVE-2023-3578
all versions
A vulnerability classified as critical was found in DedeCMS 5.7.109. Affected by this vulnerability is an unknown functionality of
5.5
MEDIUM
CVE-2023-2928
<= 5.7.106
A vulnerability was found in DedeCMS up to 5.7.106. It has been declared as critical. Affected by this vulnerability is an unknown
6.3
MEDIUM
CVE-2023-31757
all versions
DedeCMS up to v5.7.108 is vulnerable to XSS in sys_info.php via parameters 'edit___cfg_powerby' and 'edit___cfg_beian'
5.4
MEDIUM
CVE-2023-2424
all versions
A vulnerability was found in DedeCMS 5.7.106 and classified as critical. Affected by this issue is the function UpDateMemberModCac
6.3
MEDIUM
CVE-2023-30380
all versions
An issue in the component /dialog/select_media.php of DedeCMS v5.7.107 allows attackers to execute a directory traversal.
7.5
HIGH
CVE-2023-27733
all versions
DedeCMS v5.7.106 was discovered to contain a SQL injection vulnerability via the component /dede/sys_sql_query.php.
7.2
HIGH
CVE-2023-2059
all versions
A vulnerability was found in DedeCMS 5.7.87. It has been rated as problematic. Affected by this issue is some unknown functionalit
4.3
MEDIUM
CVE-2023-2056
<= 5.7.87
A vulnerability was found in DedeCMS up to 5.7.87 and classified as critical. This issue affects the function GetSystemFile of the
6.3
MEDIUM
CVE-2023-27709
<= 5.7.106
SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank_* parameter
7.2
HIGH
CVE-2023-27707
<= 5.7.106
SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank_* parameter
7.2
HIGH
CVE-2022-48140
all versions
DedeCMS v5.7.97 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /file_manage_view.php?fmdo=e
5.4
MEDIUM
CVE-2022-46442
<= 5.7.102
dedecms <=V5.7.102 is vulnerable to SQL Injection. In sys_ sql_ n query.php there are no restrictions on the sql query.
9.8
CRITICAL
CVE-2022-43192
all versions
An arbitrary file upload vulnerability in the component /dede/file_manage_control.php of Dedecms v5.7.101 allows attackers to exec
6.7
MEDIUM
CVE-2022-43031
all versions
DedeCMS v6.1.9 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add Administrat
8.8
HIGH
CVE-2022-40921
all versions
DedeCMS V5.7.99 was discovered to contain an arbitrary file upload vulnerability via the component /dede/file_manage_control.php.
7.2
HIGH
CVE-2022-40886
all versions
DedeCMS 5.7.98 has a file upload vulnerability in the background.
7.2
HIGH
CVE-2022-36583
all versions
DedeCMS V5.7.97 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/co_do.php via the dopost, r
6.1
MEDIUM
CVE-2022-36216
>= 5.7.94 and <= 5.7.97
DedeCMS v5.7.94 - v5.7.97 was discovered to contain a remote code execution vulnerability in member_toadmin.php.
7.2
HIGH
CVE-2022-35516
>= 5.7.93 and <= 5.7.96
DedeCMS v5.7.93 - v5.7.96 was discovered to contain a remote code execution vulnerability in login.php.
9.8
CRITICAL
CVE-2022-34531
all versions
DedeCMS v5.7.95 was discovered to contain a remote code execution (RCE) vulnerability via the component mytag_ main.php.
9.8
CRITICAL
CVE-2022-30508
all versions
DedeCMS v5.7.93 was discovered to contain arbitrary file deletion vulnerability in upload.php via the delete parameter.
6.5
MEDIUM
CVE-2022-23337
all versions
DedeCMS v5.7.87 was discovered to contain a SQL injection vulnerability in article_coonepage_rule.php via the ids parameter.
9.8
CRITICAL
CVE-2020-36497
all versions
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component makehtml_homepage.
6.1
MEDIUM
CVE-2020-36496
all versions
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component sys_admin_user_edi
6.1
MEDIUM
CVE-2020-36495
all versions
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_view.p
6.1
MEDIUM
CVE-2020-36494
all versions
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component mychannel_edit.php
6.1
MEDIUM
CVE-2020-36493
all versions
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component media_main.php via
5.4
MEDIUM
CVE-2020-36492
all versions
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component select_media.php v
5.4
MEDIUM
CVE-2020-36491
all versions
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tags_main.php via
5.4
MEDIUM
CVE-2020-36490
all versions
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_view.p
5.4
MEDIUM
CVE-2020-23046
all versions
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tpl.php via the `f
6.1
MEDIUM
CVE-2020-23044
all versions
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_pic_view.php
5.4
MEDIUM
CVE-2020-18114
all versions
An arbitrary file upload vulnerability in the /uploads/dede component of DedeCMS V5.7SP2 allows attackers to upload a webshell in
9.8
CRITICAL
CVE-2020-18917
all versions
The plus/search.php component in DedeCMS 5.7 SP2 allows remote attackers to execute arbitrary PHP code via the typename parameter
8.8
HIGH
CVE-2020-22198
all versions
SQL Injection vulnerability in DedeCMS 5.7 via mdescription parameter to member/ajax_membergroup.php.
9.8
CRITICAL
CVE-2021-32073
all versions
DedeCMS V5.7 SP2 contains a CSRF vulnerability that allows a remote attacker to send a malicious request to the web manager all
8.8
HIGH
CVE-2020-16632
all versions
A XSS Vulnerability in /uploads/dede/action_search.php in DedeCMS V5.7 SP2 allows an authenticated user to execute remote arbitrar
5.4
MEDIUM
CVE-2020-27533
all versions
A Cross Site Scripting (XSS) issue was discovered in the search feature of DedeCMS v.5.8 that allows malicious users to inject cod
5.4
MEDIUM
CVE-2015-4553
<= 5.6
A file upload issue exists in DeDeCMS before 5.7-sp1, which allows malicious users getshell.
8.8
HIGH
CVE-2019-10014
all versions
In DedeCMS 5.7SP2, member/resetpassword.php allows remote authenticated users to reset the passwords of arbitrary users via a modi
6.5
MEDIUM
CVE-2019-8933
all versions
In DedeCMS 5.7SP2, attackers can upload a .php file to the uploads/ directory (without being blocked by the Web Application Firewa
8.8
HIGH
CVE-2019-8362
< 5.7
DedeCMS through V5.7SP2 allows arbitrary file upload in dede/album_edit.php or dede/album_add.php, as demonstrated by a dede/album
7.5
HIGH
CVE-2019-6289
all versions
uploads/include/dialog/select_soft.php in DedeCMS V57_UTF8_SP2 allows remote attackers to execute arbitrary PHP code by uploading
8.8
HIGH
CVE-2018-20129
all versions
An issue was discovered in DedeCMS V5.7 SP2. uploads/include/dialog/select_images_post.php allows remote attackers to upload and e
8.8
HIGH
CVE-2018-19061
all versions
DedeCMS 5.7 SP2 has SQL Injection via the dede\co_do.php ids parameter.
9.8
CRITICAL
CVE-2018-18782
all versions
Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/myfriend.php ftype parameter.
6.1
MEDIUM
CVE-2018-18781
all versions
DedeCMS 5.7 SP2 allows XSS via the /member/uploads_select.php f or keyword parameter.
6.1
MEDIUM
CVE-2018-18608
all versions
DedeCMS 5.7 SP2 allows XSS via the function named GetPageList defined in the include/datalistcp.class.php file that is used to dis
6.1
MEDIUM
CVE-2018-18579
all versions
Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/pm.php folder parameter.
6.1
MEDIUM
CVE-2018-18578
all versions
DedeCMS 5.7 SP2 allows XSS via the plus/qrcode.php type parameter.
6.1
MEDIUM
CVE-2018-16786
all versions
DedeCMS 5.7 SP2 allows XSS via an onhashchange attribute in the msg parameter to /plus/feedback_ajax.php.
6.1
MEDIUM
CVE-2018-16784
all versions
DedeCMS 5.7 SP2 allows XML injection, and resultant remote code execution, via a "<file type='file' name='../" substring.
7.2
HIGH
CVE-2018-16785
all versions
XML injection vulnerability exists in the file of DedeCMS V5.7 SP2 version, which can be utilized by attackers to create script fi
8.8
HIGH
CVE-2018-12046
< 5.7
DedeCMS through 5.7SP2 allows arbitrary file write in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=newfile re
7.5
HIGH
CVE-2018-12045
< 5.7
DedeCMS through V5.7SP2 allows arbitrary file upload in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=upload r
9.8
CRITICAL
CVE-2018-10375
all versions
A file uploading vulnerability exists in /include/helpers/upload.helper.php in DedeCMS V5.7 SP2, which can be utilized by attacker
9.8
CRITICAL
CVE-2018-9175
all versions
DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via the egroup parameter to uploads/dede/stepselect_main.php bec
9.8
CRITICAL
CVE-2018-9174
all versions
sys_verifies.php in DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via the refiles array parameter, because the
9.8
CRITICAL
CVE-2018-9134
all versions
file_manage_control.php in DedeCMS 5.7 has CSRF in an fmdo=rename action, as demonstrated by renaming an arbitrary file under uplo
8.8
HIGH
CVE-2018-7700
all versions
DedeCMS 5.7 has CSRF with an impact of arbitrary code execution, because the partcode parameter in a tag_test_action.php request c
8.8
HIGH
CVE-2018-6910
all versions
DedeCMS 5.7 allows remote attackers to discover the full path via a direct request for include/downmix.inc.php or inc/inc_archives
7.5
HIGH
CVE-2018-6881
all versions
EmpireCMS 6.6 allows remote attackers to discover the full path via an array value for a parameter to admin/tool/ShowPic.php.
5.3
MEDIUM
CVE-2017-17731
<= 5.7
DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php.
9.8
CRITICAL
CVE-2017-17730
<= 5.7
DedeCMS through 5.7 has SQL Injection via the logo parameter to plus/flink_add.php.
9.8
CRITICAL
CVE-2017-17727
<= 5.6
DedeCMS through 5.6 allows arbitrary file upload and PHP code execution by embedding the PHP code in a .jpg file, which is used in
8.8
HIGH
CVE-2011-5200
all versions
Multiple SQL injection vulnerabilities in DeDeCMS, possibly 5.6, allow remote attackers to execute arbitrary SQL commands via the
CVE-2010-1097
all versions
include/userlogin.class.php in DeDeCMS 5.5 GBK, when session.auto_start is enabled, allows remote attackers to bypass authenticati
CVE-2009-3806
all versions
SQL injection vulnerability in feedback_js.php in DedeCMS 5.1 allows remote attackers to execute arbitrary SQL commands via the ar
CVE-2009-2270
all versions
Unrestricted file upload vulnerability in member/uploads_edit.php in dedecms 5.3 allows remote attackers to execute arbitrary code
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin