Total
159 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-30965 | 1 Dedecms | 1 Dedecms | 2025-04-01 | N/A | 8.8 HIGH |
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /src/dede/member_scores.php. | |||||
| CVE-2024-29661 | 1 Dedecms | 1 Dedecms | 2025-04-01 | N/A | 9.8 CRITICAL |
| A File Upload vulnerability in DedeCMS v5.7 allows a local attacker to execute arbitrary code via a crafted payload. | |||||
| CVE-2024-29660 | 1 Dedecms | 1 Dedecms | 2025-04-01 | N/A | 5.3 MEDIUM |
| Cross Site Scripting vulnerability in DedeCMS v.5.7 allows a local attacker to execute arbitrary code via a crafted payload to the stepselect_main.php component. | |||||
| CVE-2024-33749 | 1 Dedecms | 1 Dedecms | 2025-04-01 | N/A | 9.1 CRITICAL |
| DedeCMS V5.7.114 is vulnerable to deletion of any file via mail_file_manage.php. | |||||
| CVE-2024-34245 | 1 Dedecms | 1 Dedecms | 2025-04-01 | N/A | 6.5 MEDIUM |
| An arbitrary file read vulnerability in DedeCMS v5.7.114 allows authenticated attackers to read arbitrary files by specifying any path in makehtml_js_action.php. | |||||
| CVE-2024-34959 | 1 Dedecms | 1 Dedecms | 2025-04-01 | N/A | 5.5 MEDIUM |
| DedeCMS V5.7.113 is vulnerable to Cross Site Scripting (XSS) via sys_data_replace.php. | |||||
| CVE-2024-35375 | 1 Dedecms | 1 Dedecms | 2025-04-01 | N/A | 9.8 CRITICAL |
| There is an arbitrary file upload vulnerability on the media add .php page in the backend of the website in version 5.7.114 of DedeCMS | |||||
| CVE-2024-35510 | 1 Dedecms | 1 Dedecms | 2025-04-01 | N/A | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in /dede/file_manage_control.php of DedeCMS v5.7.114 allows attackers to execute arbitrary code via uploading a crafted file. | |||||
| CVE-2024-57241 | 1 Dedecms | 1 Dedecms | 2025-04-01 | N/A | 6.5 MEDIUM |
| Dedecms 5.71sp1 and earlier is vulnerable to URL redirect. In the web application, a logic error does not judge the input GET request resulting in URL redirection. | |||||
| CVE-2024-29684 | 1 Dedecms | 1 Dedecms | 2025-04-01 | N/A | 9.8 CRITICAL |
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /src/dede/makehtml_homepage.php allowing a remote attacker to execute arbitrary code. | |||||
| CVE-2024-33371 | 1 Dedecms | 1 Dedecms | 2025-04-01 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in DedeCMS v.5.7.113 allows a remote attacker to execute arbitrary code via the typeid parameter in the makehtml_list_action.php component. | |||||
| CVE-2024-33401 | 1 Dedecms | 1 Dedecms | 2025-04-01 | N/A | 4.4 MEDIUM |
| Cross Site Scripting vulnerability in DedeCMS v.5.7.113 allows a remote attacker to run arbitrary code via the mnum parameter. | |||||
| CVE-2024-28678 | 1 Dedecms | 1 Dedecms | 2025-04-01 | N/A | 6.3 MEDIUM |
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/article_description_main.php | |||||
| CVE-2024-28679 | 1 Dedecms | 1 Dedecms | 2025-04-01 | N/A | 6.1 MEDIUM |
| DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via Photo Collection. | |||||
| CVE-2024-28680 | 1 Dedecms | 1 Dedecms | 2025-04-01 | N/A | 6.1 MEDIUM |
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/diy_add.php. | |||||
| CVE-2024-28681 | 1 Dedecms | 1 Dedecms | 2025-04-01 | N/A | 6.1 MEDIUM |
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/plus_edit.php. | |||||
| CVE-2024-28682 | 1 Dedecms | 1 Dedecms | 2025-04-01 | N/A | 6.3 MEDIUM |
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/sys_cache_up.php. | |||||
| CVE-2024-28683 | 1 Dedecms | 1 Dedecms | 2025-04-01 | N/A | 6.1 MEDIUM |
| DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via create file. | |||||
| CVE-2024-28430 | 1 Dedecms | 1 Dedecms | 2025-04-01 | N/A | 6.1 MEDIUM |
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/catalog_edit.php. | |||||
| CVE-2024-28431 | 1 Dedecms | 1 Dedecms | 2025-04-01 | N/A | 8.8 HIGH |
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/catalog_del.php. | |||||