📦 Dedecms
by Dedecms
⚠️ Known Vulnerabilities
This critical vulnerability in DedeCMS allows attackers to upload arbitrary files to the server, leading to remote code execution. Attackers can compromise the entire web server by uploading malicious...
This vulnerability allows unauthenticated attackers to upload arbitrary files to DedeCMS backend servers via the media_add.php page. Attackers can achieve remote code execution by uploading malicious ...
DedeCMS V5.7.114 contains an improper authorization vulnerability in mail_file_manage.php that allows attackers to delete any file on the server. This affects all DedeCMS installations running the vul...
This CVE describes a critical file upload vulnerability in DedeCMS v5.7 that allows local attackers to upload malicious files and execute arbitrary code on the server. The vulnerability affects all De...
DedeCMS v5.7 contains a CSRF vulnerability in the makehtml_homepage.php component that allows attackers to trick authenticated administrators into executing arbitrary code. This affects all DedeCMS v5...
DedeCMS 5.7.102 contains an unrestricted file upload vulnerability in the module_make.php component that allows attackers to upload arbitrary files, including malicious scripts. This affects all DedeC...
This critical vulnerability in DedeCMS allows remote attackers to execute arbitrary code on affected systems by sending specially crafted POST requests to the /dede/tpl.php endpoint. All DedeCMS insta...
This vulnerability allows attackers to upload arbitrary PHP files to DedeCMS v5.7.109 through the /dede/file_manage_control.php endpoint, leading to remote code execution. Attackers can gain full cont...
DedeCMS v5.7.95 contains a remote code execution vulnerability in the mytag_main.php component that allows attackers to execute arbitrary code on affected systems. This affects all websites running th...
This CVE describes a SQL injection vulnerability in DedeCMS 5.7 that allows attackers to execute arbitrary SQL commands via the mdescription parameter in member/ajax_membergroup.php. This affects all ...
DedeCMS v5.7 contains a CSRF vulnerability in the makehtml_list_action.php file that allows attackers to trick authenticated administrators into performing unauthorized actions. This affects all DedeC...
Dedecms V5.7.115 contains a file upload vulnerability in the backend that allows authenticated attackers to upload malicious files and execute arbitrary code. This affects websites running this specif...
DedeCMS v5.7 contains a CSRF vulnerability in the member_scores.php component that allows attackers to trick authenticated administrators into performing unauthorized actions. This affects all DedeCMS...
DedeCMS v5.7 contains a Cross-Site Request Forgery (CSRF) vulnerability in the /dede/stepselect_main.php endpoint. This allows attackers to trick authenticated administrators into performing unintende...
DedeCMS v5.7 contains a CSRF vulnerability in the mychannel_edit.php component that allows attackers to trick authenticated administrators into performing unauthorized actions. This affects all DedeCM...
DedeCMS v5.7 contains a CSRF vulnerability in the /dede/diy_edit.php endpoint that allows attackers to trick authenticated administrators into performing unauthorized actions. This affects all DedeCMS...
DedeCMS v5.7 contains a Cross-Site Request Forgery (CSRF) vulnerability in the article_add.php component that allows attackers to trick authenticated administrators into performing unauthorized action...
DedeCMS v5.7 contains a CSRF vulnerability in the catalog_del.php component that allows attackers to trick authenticated administrators into performing unauthorized catalog deletion actions. This affe...
This CSRF vulnerability in Dedecms v5.7.112 allows attackers to trick authenticated administrators into performing unauthorized actions via the file manager. Attackers can upload malicious files, modi...
DedeCMS 5.7.112 contains an unrestricted file upload vulnerability in the module_upload.php component. Attackers can upload malicious files to execute arbitrary code on affected systems. This affects ...
DedeCMS v5.7.106 contains a SQL injection vulnerability in the /dede/sys_sql_query.php component that allows authenticated attackers to execute arbitrary SQL commands. This affects administrators with...
This SQL injection vulnerability in DedeCMS allows remote attackers to execute arbitrary SQL commands through the rank_* parameter in the /dede/group_store.php endpoint. Attackers can potentially read...
This SQL injection vulnerability in DedeCMS allows attackers to manipulate database queries through the orderby parameter in /freelist_main.php. Attackers can potentially read, modify, or delete datab...
This CVE describes a critical code injection vulnerability in DedeCMS 5.7.117 that allows remote attackers to execute arbitrary code by manipulating the 'refiles' parameter in the sys_verifies.php fil...
This critical vulnerability in DedeCMS allows remote attackers to inject and execute arbitrary code through the article_template_rand.php file. It affects all users running DedeCMS 5.7.114, potentiall...
DedeCMS V5.7.113 contains a cross-site scripting vulnerability in sys_data_replace.php that allows attackers to inject malicious scripts into web pages. This affects administrators and users who view ...
This CSRF vulnerability in DedeCMS 5.7 allows attackers to trick authenticated administrators into performing unintended actions by visiting malicious web pages. It affects all DedeCMS 5.7 installatio...
This CSRF vulnerability in DedeCMS 5.7 allows attackers to trick authenticated administrators into performing unauthorized actions via the /src/dede/sys_group_add.php endpoint. Attackers can remotely ...
This vulnerability in DedeCMS 5.7 allows attackers to perform cross-site request forgery (CSRF) attacks via the /src/dede/sys_multiserv.php file. Attackers can trick authenticated users into performin...
This CSRF vulnerability in DedeCMS allows attackers to trick authenticated administrators into performing unintended actions by visiting malicious web pages. It affects DedeCMS 5.7 installations using...
This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in DedeCMS 5.7 that allows attackers to trick authenticated users into performing unintended actions via the /src/dede/mytag_edit.p...
This CSRF vulnerability in DedeCMS 5.7 allows attackers to trick authenticated users into performing unintended actions by manipulating the /src/dede/member_type.php file. Attackers can exploit this r...