Filtered by vendor Dedecms
Subscribe
Total
165 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-2821 | 1 Dedecms | 1 Dedecms | 2026-06-17 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7. Affected by this issue is some unknown functionality of the file /src/dede/friendlink_edit.php. The manipulation of the argument id leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257708. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-2820 | 1 Dedecms | 1 Dedecms | 2026-06-17 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability classified as problematic was found in DedeCMS 5.7. Affected by this vulnerability is an unknown functionality of the file /src/dede/baidunews.php. The manipulation of the argument filename leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257707. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-29684 | 1 Dedecms | 1 Dedecms | 2026-06-17 | N/A | 9.8 CRITICAL |
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /src/dede/makehtml_homepage.php allowing a remote attacker to execute arbitrary code. | |||||
| CVE-2024-29661 | 1 Dedecms | 1 Dedecms | 2026-06-17 | N/A | 9.8 CRITICAL |
| A File Upload vulnerability in DedeCMS v5.7 allows a local attacker to execute arbitrary code via a crafted payload. | |||||
| CVE-2024-29660 | 1 Dedecms | 1 Dedecms | 2026-06-17 | N/A | 5.3 MEDIUM |
| Cross Site Scripting vulnerability in DedeCMS v.5.7 allows a local attacker to execute arbitrary code via a crafted payload to the stepselect_main.php component. | |||||
| CVE-2024-28684 | 1 Dedecms | 1 Dedecms | 2026-06-17 | N/A | 8.8 HIGH |
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/module_main.php | |||||
| CVE-2024-28683 | 1 Dedecms | 1 Dedecms | 2026-06-17 | N/A | 6.1 MEDIUM |
| DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via create file. | |||||
| CVE-2024-28682 | 1 Dedecms | 1 Dedecms | 2026-06-17 | N/A | 6.3 MEDIUM |
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/sys_cache_up.php. | |||||
| CVE-2024-28681 | 1 Dedecms | 1 Dedecms | 2026-06-17 | N/A | 6.1 MEDIUM |
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/plus_edit.php. | |||||
| CVE-2024-28680 | 1 Dedecms | 1 Dedecms | 2026-06-17 | N/A | 6.1 MEDIUM |
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/diy_add.php. | |||||
| CVE-2024-28679 | 1 Dedecms | 1 Dedecms | 2026-06-17 | N/A | 6.1 MEDIUM |
| DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via Photo Collection. | |||||
| CVE-2024-28678 | 1 Dedecms | 1 Dedecms | 2026-06-17 | N/A | 6.3 MEDIUM |
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/article_description_main.php | |||||
| CVE-2024-28677 | 1 Dedecms | 1 Dedecms | 2026-06-17 | N/A | 6.1 MEDIUM |
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/article_keywords_main.php. | |||||
| CVE-2024-28676 | 1 Dedecms | 1 Dedecms | 2026-06-17 | N/A | 6.1 MEDIUM |
| DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via /dede/article_edit.php. | |||||
| CVE-2024-28675 | 1 Dedecms | 1 Dedecms | 2026-06-17 | N/A | 8.8 HIGH |
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/diy_edit.php | |||||
| CVE-2024-28673 | 1 Dedecms | 1 Dedecms | 2026-06-17 | N/A | 8.8 HIGH |
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/mychannel_edit.php. | |||||
| CVE-2024-28672 | 1 Dedecms | 1 Dedecms | 2026-06-17 | N/A | 5.4 MEDIUM |
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/media_edit.php. | |||||
| CVE-2024-28671 | 1 Dedecms | 1 Dedecms | 2026-06-17 | N/A | 8.8 HIGH |
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/stepselect_main.php. | |||||
| CVE-2024-28670 | 1 Dedecms | 1 Dedecms | 2026-06-17 | N/A | 6.1 MEDIUM |
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/freelist_main.php. | |||||
| CVE-2024-28669 | 1 Dedecms | 1 Dedecms | 2026-06-17 | N/A | 5.4 MEDIUM |
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/freelist_edit.php. | |||||