Dedecms Security Vulnerabilities (CVEs)
Track 32 security vulnerabilities affecting Dedecms products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
DedeCMS v5.7 contains a CSRF vulnerability in the makehtml_list_action.php file that allows attackers to trick authenticated administrators into perfo... (Dec 29, 2025)
This SQL injection vulnerability in DedeCMS allows attackers to manipulate database queries through the orderby parameter in /freelist_main.php. Attac... (Dec 22, 2025)
This CVE describes a critical code injection vulnerability in DedeCMS 5.7.117 that allows remote attackers to execute arbitrary code by manipulating t... (May 25, 2025)
Dedecms V5.7.115 contains a file upload vulnerability in the backend that allows authenticated attackers to upload malicious files and execute arbitra... (Sep 18, 2024)
This critical vulnerability in DedeCMS allows remote attackers to inject and execute arbitrary code through the article_template_rand.php file. It aff... (Jul 21, 2024)
This critical vulnerability in DedeCMS allows attackers to upload arbitrary files to the server, leading to remote code execution. Attackers can compr... (May 28, 2024)
This vulnerability allows unauthenticated attackers to upload arbitrary files to DedeCMS backend servers via the media_add.php page. Attackers can ach... (May 23, 2024)
DedeCMS V5.7.113 contains a cross-site scripting vulnerability in sys_data_replace.php that allows attackers to inject malicious scripts into web page... (May 17, 2024)
This CSRF vulnerability in DedeCMS 5.7 allows attackers to trick authenticated administrators into performing unintended actions by visiting malicious... (May 7, 2024)
This CSRF vulnerability in DedeCMS 5.7 allows attackers to trick authenticated administrators into performing unauthorized actions via the /src/dede/s... (May 7, 2024)
This vulnerability in DedeCMS 5.7 allows attackers to perform cross-site request forgery (CSRF) attacks via the /src/dede/sys_multiserv.php file. Atta... (May 7, 2024)
This CSRF vulnerability in DedeCMS allows attackers to trick authenticated administrators into performing unintended actions by visiting malicious web... (May 7, 2024)
This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in DedeCMS 5.7 that allows attackers to trick authenticated users into performing... (May 7, 2024)
This CSRF vulnerability in DedeCMS 5.7 allows attackers to trick authenticated users into performing unintended actions by manipulating the /src/dede/... (May 7, 2024)
DedeCMS V5.7.114 contains an improper authorization vulnerability in mail_file_manage.php that allows attackers to delete any file on the server. This... (May 6, 2024)
This CVE describes a critical file upload vulnerability in DedeCMS v5.7 that allows local attackers to upload malicious files and execute arbitrary co... (Apr 22, 2024)
DedeCMS v5.7 contains a CSRF vulnerability in the member_scores.php component that allows attackers to trick authenticated administrators into perform... (Apr 2, 2024)
DedeCMS v5.7 contains a CSRF vulnerability in the makehtml_homepage.php component that allows attackers to trick authenticated administrators into exe... (Mar 26, 2024)
DedeCMS v5.7 contains a Cross-Site Request Forgery (CSRF) vulnerability in the /dede/stepselect_main.php endpoint. This allows attackers to trick auth... (Mar 13, 2024)
DedeCMS v5.7 contains a CSRF vulnerability in the mychannel_edit.php component that allows attackers to trick authenticated administrators into perfor... (Mar 13, 2024)
DedeCMS v5.7 contains a CSRF vulnerability in the /dede/diy_edit.php endpoint that allows attackers to trick authenticated administrators into perform... (Mar 13, 2024)
DedeCMS v5.7 contains a Cross-Site Request Forgery (CSRF) vulnerability in the article_add.php component that allows attackers to trick authenticated ... (Mar 13, 2024)
DedeCMS v5.7 contains a CSRF vulnerability in the catalog_del.php component that allows attackers to trick authenticated administrators into performin... (Mar 13, 2024)
This CSRF vulnerability in Dedecms v5.7.112 allows attackers to trick authenticated administrators into performing unauthorized actions via the file m... (Feb 28, 2024)
DedeCMS 5.7.112 contains an unrestricted file upload vulnerability in the module_upload.php component. Attackers can upload malicious files to execute... (Jan 22, 2024)
DedeCMS 5.7.102 contains an unrestricted file upload vulnerability in the module_make.php component that allows attackers to upload arbitrary files, i... (Sep 12, 2023)
This critical vulnerability in DedeCMS allows remote attackers to execute arbitrary code on affected systems by sending specially crafted POST request... (Jul 31, 2023)
This vulnerability allows attackers to upload arbitrary PHP files to DedeCMS v5.7.109 through the /dede/file_manage_control.php endpoint, leading to r... (Jul 13, 2023)
DedeCMS v5.7.106 contains a SQL injection vulnerability in the /dede/sys_sql_query.php component that allows authenticated attackers to execute arbitr... (Apr 17, 2023)
This SQL injection vulnerability in DedeCMS allows remote attackers to execute arbitrary SQL commands through the rank_* parameter in the /dede/group_... (Mar 16, 2023)
DedeCMS v5.7.95 contains a remote code execution vulnerability in the mytag_main.php component that allows attackers to execute arbitrary code on affe... (Jul 29, 2022)
This CVE describes a SQL injection vulnerability in DedeCMS 5.7 that allows attackers to execute arbitrary SQL commands via the mdescription parameter... (Jun 16, 2021)
Why Monitor Dedecms Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 32+ known vulnerabilities affecting Dedecms products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Dedecms packages in under 60 seconds. No agents required - completely agentless scanning that works across Dedecms deployments.
Free vulnerability database: Access detailed information about every Dedecms CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.