Dedecms

Dedecms

164 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2024-30855

Exploit
  • EPSS 0.02%
  • Veröffentlicht 29.12.2025 00:00:00
  • Zuletzt bearbeitet 02.01.2026 13:43:49

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /src/dede/makehtml_list_action.php.

8.8

CVE-2025-15004

Exploit
  • EPSS 0.04%
  • Veröffentlicht 22.12.2025 00:02:08
  • Zuletzt bearbeitet 31.12.2025 15:50:09

A vulnerability was identified in DedeCMS up to 5.7.118. This impacts an unknown function of the file /freelist_main.php. The manipulation of the argument orderby leads to sql injection. It is possible to initiate the attack remotely. The exploit is ...

7.2

CVE-2025-6335

Exploit
  • EPSS 0.12%
  • Veröffentlicht 20.06.2025 11:00:19
  • Zuletzt bearbeitet 18.07.2025 12:25:17

A vulnerability was found in DedeCMS up to 5.7.2 and classified as critical. This issue affects some unknown processing of the file /include/dedetag.class.php of the component Template Handler. The manipulation of the argument notes leads to command ...

7.2

CVE-2025-5137

Exploit
  • EPSS 0.08%
  • Veröffentlicht 25.05.2025 00:00:10
  • Zuletzt bearbeitet 10.06.2025 19:33:16

A vulnerability was found in DedeCMS 5.7.117. It has been classified as critical. Affected is an unknown function of the file dede/sys_verifies.php?action=getfiles of the component Incomplete Fix CVE-2018-9175. The manipulation of the argument refile...

6.5

CVE-2024-57241

  • EPSS 6.6%
  • Veröffentlicht 11.02.2025 22:15:29
  • Zuletzt bearbeitet 01.04.2025 18:03:45

Dedecms 5.71sp1 and earlier is vulnerable to URL redirect. In the web application, a logic error does not judge the input GET request resulting in URL redirection.

5.4

CVE-2024-12183

Exploit
  • EPSS 0.12%
  • Veröffentlicht 04.12.2024 23:15:05
  • Zuletzt bearbeitet 10.12.2024 16:05:39

A vulnerability, which was classified as problematic, was found in DedeCMS 5.7.116. This affects the function RemoveXSS of the file /plus/carbuyaction.php of the component HTTP POST Request Handler. The manipulation leads to cross site scripting. It ...

5.4

CVE-2024-12182

Exploit
  • EPSS 0.12%
  • Veröffentlicht 04.12.2024 23:15:04
  • Zuletzt bearbeitet 10.12.2024 16:18:29

A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7.116. Affected by this issue is some unknown functionality of the file /member/soft_add.php. The manipulation of the argument body leads to cross site scripting. The a...

5.4

CVE-2024-12180

Exploit
  • EPSS 0.08%
  • Veröffentlicht 04.12.2024 22:15:22
  • Zuletzt bearbeitet 10.12.2024 16:34:52

A vulnerability classified as problematic has been found in DedeCMS 5.7.116. Affected is an unknown function of the file /member/article_add.php. The manipulation of the argument body leads to cross site scripting. It is possible to launch the attack...

5.4

CVE-2024-12181

Exploit
  • EPSS 0.12%
  • Veröffentlicht 04.12.2024 22:15:22
  • Zuletzt bearbeitet 10.12.2024 16:29:18

A vulnerability classified as problematic was found in DedeCMS 5.7.116. Affected by this vulnerability is an unknown functionality of the file /member/uploads_add.php of the component SWF File Handler. The manipulation of the argument mediatype leads...

9.8

CVE-2024-11138

  • EPSS 0.17%
  • Veröffentlicht 12.11.2024 18:15:17
  • Zuletzt bearbeitet 10.12.2024 21:11:45

A vulnerability classified as problematic has been found in DedeCMS 5.7.116. This affects an unknown part of the file /dede/uploads/dede/friendlink_add.php. The manipulation of the argument logoimg leads to unrestricted upload. It is possible to init...