Dedecms CVEs and Security Vulnerabilities

Filtered by vendor Dedecms Subscriptions

Filtered by product Dedecms Subscriptions

Search

Switch to Advanced Search (Beta)

Total 170 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2024-34959	1 Dedecms	1 Dedecms	2025-04-01	5.5 Medium
DedeCMS V5.7.113 is vulnerable to Cross Site Scripting (XSS) via sys_data_replace.php.
CVE-2024-35375	1 Dedecms	1 Dedecms	2025-04-01	9.8 Critical
There is an arbitrary file upload vulnerability on the media add .php page in the backend of the website in version 5.7.114 of DedeCMS
CVE-2024-35510	1 Dedecms	1 Dedecms	2025-04-01	9.8 Critical
An arbitrary file upload vulnerability in /dede/file_manage_control.php of DedeCMS v5.7.114 allows attackers to execute arbitrary code via uploading a crafted file.
CVE-2024-57241	1 Dedecms	1 Dedecms	2025-04-01	6.5 Medium
Dedecms 5.71sp1 and earlier is vulnerable to URL redirect. In the web application, a logic error does not judge the input GET request resulting in URL redirection.
CVE-2024-29684	1 Dedecms	1 Dedecms	2025-04-01	9.8 Critical
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /src/dede/makehtml_homepage.php allowing a remote attacker to execute arbitrary code.
CVE-2024-33371	1 Dedecms	1 Dedecms	2025-04-01	6.1 Medium
Cross Site Scripting vulnerability in DedeCMS v.5.7.113 allows a remote attacker to execute arbitrary code via the typeid parameter in the makehtml_list_action.php component.
CVE-2024-33401	1 Dedecms	1 Dedecms	2025-04-01	4.4 Medium
Cross Site Scripting vulnerability in DedeCMS v.5.7.113 allows a remote attacker to run arbitrary code via the mnum parameter.
CVE-2024-28678	1 Dedecms	1 Dedecms	2025-04-01	6.3 Medium
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/article_description_main.php
CVE-2024-28679	1 Dedecms	1 Dedecms	2025-04-01	6.1 Medium
DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via Photo Collection.
CVE-2024-28680	1 Dedecms	1 Dedecms	2025-04-01	6.1 Medium
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/diy_add.php.
CVE-2024-28681	1 Dedecms	1 Dedecms	2025-04-01	6.1 Medium
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/plus_edit.php.
CVE-2024-28682	1 Dedecms	1 Dedecms	2025-04-01	6.3 Medium
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/sys_cache_up.php.
CVE-2024-28683	1 Dedecms	1 Dedecms	2025-04-01	6.1 Medium
DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via create file.
CVE-2024-28430	1 Dedecms	1 Dedecms	2025-04-01	6.1 Medium
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/catalog_edit.php.
CVE-2024-28431	1 Dedecms	1 Dedecms	2025-04-01	8.8 High
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/catalog_del.php.
CVE-2024-28432	1 Dedecms	1 Dedecms	2025-04-01	8.8 High
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/article_edit.php.
CVE-2024-28665	1 Dedecms	1 Dedecms	2025-04-01	8.8 High
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/article_add.php
CVE-2024-28666	1 Dedecms	1 Dedecms	2025-04-01	5.5 Medium
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/media_add.php
CVE-2024-28667	1 Dedecms	1 Dedecms	2025-04-01	6.1 Medium
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/templets_one_edit.php
CVE-2024-28668	1 Dedecms	1 Dedecms	2025-04-01	6.1 Medium
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/mychannel_add.php

« first previous Page 3 of 9. next last »