Filtered by vendor Dedecms
Subscribe
Total
165 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3806 | 1 Dedecms | 1 Dedecms | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in feedback_js.php in DedeCMS 5.1 allows remote attackers to execute arbitrary SQL commands via the arcurl parameter. | |||||
| CVE-2009-2270 | 1 Dedecms | 1 Dedecms | 2026-06-16 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in member/uploads_edit.php in dedecms 5.3 allows remote attackers to execute arbitrary code by uploading a file with a double extension in the filename, then accessing this file via unspecified vectors, as demonstrated by a .jpg.php filename. | |||||
| CVE-2026-30643 | 1 Dedecms | 1 Dedecms | 2026-04-06 | N/A | 9.8 CRITICAL |
| An issue was discovered in DedeCMS 5.7.118 allowing attackers to execute code via crafted setup tag values in a module upload. | |||||
| CVE-2026-30694 | 1 Dedecms | 1 Dedecms | 2026-03-25 | N/A | 9.8 CRITICAL |
| An issue in DedeCMS v.5.7.118 and before allows a remote attacker to execute arbitrary code via the array_filter component | |||||
| CVE-2026-29839 | 1 Dedecms | 1 Dedecms | 2026-03-25 | N/A | 8.8 HIGH |
| DedeCMS v5.7.118 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability in /sys_task_add.php. | |||||