Dedecms

Dedecms

172 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2025-6335

Exploit
  • EPSS 6.86%
  • Veröffentlicht 20.06.2025 11:00:19
  • Zuletzt bearbeitet 29.04.2026 01:00:01

A vulnerability was found in DedeCMS up to 5.7.2 and classified as critical. This issue affects some unknown processing of the file /include/dedetag.class.php of the component Template Handler. The manipulation of the argument notes leads to command ...

7.2

CVE-2025-5137

Exploit
  • EPSS 0.46%
  • Veröffentlicht 25.05.2025 00:00:10
  • Zuletzt bearbeitet 10.06.2025 19:33:16

A vulnerability was found in DedeCMS 5.7.117. It has been classified as critical. Affected is an unknown function of the file dede/sys_verifies.php?action=getfiles of the component Incomplete Fix CVE-2018-9175. The manipulation of the argument refile...

6.5

CVE-2024-57241

  • EPSS 1.11%
  • Veröffentlicht 11.02.2025 22:15:29
  • Zuletzt bearbeitet 01.04.2025 18:03:45

Dedecms 5.71sp1 and earlier is vulnerable to URL redirect. In the web application, a logic error does not judge the input GET request resulting in URL redirection.

5.4

CVE-2024-12183

Exploit
  • EPSS 0.42%
  • Veröffentlicht 04.12.2024 23:15:05
  • Zuletzt bearbeitet 10.12.2024 16:05:39

A vulnerability, which was classified as problematic, was found in DedeCMS 5.7.116. This affects the function RemoveXSS of the file /plus/carbuyaction.php of the component HTTP POST Request Handler. The manipulation leads to cross site scripting. It ...

5.4

CVE-2024-12182

Exploit
  • EPSS 0.39%
  • Veröffentlicht 04.12.2024 23:15:04
  • Zuletzt bearbeitet 10.12.2024 16:18:29

A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7.116. Affected by this issue is some unknown functionality of the file /member/soft_add.php. The manipulation of the argument body leads to cross site scripting. The a...

5.4

CVE-2024-12180

Exploit
  • EPSS 0.43%
  • Veröffentlicht 04.12.2024 22:15:22
  • Zuletzt bearbeitet 10.12.2024 16:34:52

A vulnerability classified as problematic has been found in DedeCMS 5.7.116. Affected is an unknown function of the file /member/article_add.php. The manipulation of the argument body leads to cross site scripting. It is possible to launch the attack...

5.4

CVE-2024-12181

Exploit
  • EPSS 0.39%
  • Veröffentlicht 04.12.2024 22:15:22
  • Zuletzt bearbeitet 10.12.2024 16:29:18

A vulnerability classified as problematic was found in DedeCMS 5.7.116. Affected by this vulnerability is an unknown functionality of the file /member/uploads_add.php of the component SWF File Handler. The manipulation of the argument mediatype leads...

9.8

CVE-2024-11138

  • EPSS 2.48%
  • Veröffentlicht 12.11.2024 18:15:17
  • Zuletzt bearbeitet 10.12.2024 21:11:45

A vulnerability classified as problematic has been found in DedeCMS 5.7.116. This affects an unknown part of the file /dede/uploads/dede/friendlink_add.php. The manipulation of the argument logoimg leads to unrestricted upload. It is possible to init...

8.8

CVE-2024-9076

Exploit
  • EPSS 19.83%
  • Veröffentlicht 22.09.2024 01:15:12
  • Zuletzt bearbeitet 28.11.2024 07:15:05

A vulnerability was found in DedeCMS up to 5.7.115. It has been rated as critical. This issue affects some unknown processing of the file /dede/article_string_mix.php. The manipulation leads to os command injection. The attack may be initiated remote...

6.1

CVE-2024-46372

  • EPSS 0.26%
  • Veröffentlicht 18.09.2024 21:15:13
  • Zuletzt bearbeitet 25.03.2025 17:16:10

DedeCMS 5.7.115 is vulnerable to Cross Site Scripting (XSS) via the advertisement code box in the advertisement management module.