
CVE-2024-4589 – DedeCMS mytag_edit.php cross-site request forgery
https://notcve.org/view.php?id=CVE-2024-4589
07 May 2024 — A vulnerability was found in DedeCMS 5.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /src/dede/mytag_edit.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. • https://github.com/Hckwzh/cms/blob/main/20.md • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2024-4588 – DedeCMS mytag_add.php cross-site request forgery
https://notcve.org/view.php?id=CVE-2024-4588
07 May 2024 — A vulnerability was found in DedeCMS 5.7. It has been classified as problematic. Affected is an unknown function of the file /src/dede/mytag_add.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. • https://github.com/Hckwzh/cms/blob/main/19.md • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2024-4586 – DedeCMS shops_delivery.php cross-site request forgery
https://notcve.org/view.php?id=CVE-2024-4586
07 May 2024 — A vulnerability has been found in DedeCMS 5.7 and classified as problematic. This vulnerability affects unknown code of the file /src/dede/shops_delivery.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Hckwzh/cms/blob/main/17.md • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2024-33749
https://notcve.org/view.php?id=CVE-2024-33749
06 May 2024 — DedeCMS V5.7.114 is vulnerable to deletion of any file via mail_file_manage.php. • https://github.com/QianGeG/CVE/issues/13 • CWE-285: Improper Authorization •

CVE-2024-33371
https://notcve.org/view.php?id=CVE-2024-33371
30 Apr 2024 — Cross Site Scripting vulnerability in DedeCMS v.5.7.113 allows a remote attacker to execute arbitrary code via the typeid parameter in the makehtml_list_action.php component. • https://gitee.com/zchuanwen/cve/issues/I9HQRY • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-33401
https://notcve.org/view.php?id=CVE-2024-33401
29 Apr 2024 — Cross Site Scripting vulnerability in DedeCMS v.5.7.113 allows a remote attacker to run arbitrary code via the mnum parameter. • https://gitee.com/zchuanwen/cve123/issues/I9I18D • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-29660
https://notcve.org/view.php?id=CVE-2024-29660
25 Apr 2024 — Cross Site Scripting vulnerability in DedeCMS v.5.7 allows a local attacker to execute arbitrary code via a crafted payload to the stepselect_main.php component. • https://github.com/ysl1415926/cve/blob/main/DedeCMSv5.7.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-29661
https://notcve.org/view.php?id=CVE-2024-29661
22 Apr 2024 — A File Upload vulnerability in DedeCMS v5.7 allows a local attacker to execute arbitrary code via a crafted payload. • https://github.com/ysl1415926/cve/blob/main/DedeCMSv5.7_getshell.md • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2024-3686 – DedeCMS update_guide.php path traversal
https://notcve.org/view.php?id=CVE-2024-3686
12 Apr 2024 — A vulnerability has been found in DedeCMS 5.7.112-UTF8 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file update_guide.php. The manipulation of the argument files leads to path traversal: '../filedir'. The attack can be launched remotely. • https://github.com/Echosssy/CVE/blob/main/Dedecms%E6%9C%80%E6%96%B0%E7%89%88%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E5%88%A0%E9%99%A4%E7%BB%95%E8%BF%87.pdf • CWE-24: Path Traversal: '../filedir' •

CVE-2024-3685 – DedeCMS stepselect_main.php sql injection
https://notcve.org/view.php?id=CVE-2024-3685
12 Apr 2024 — A vulnerability, which was classified as critical, was found in DedeCMS 5.7.112-UTF8. Affected is an unknown function of the file stepselect_main.php. The manipulation of the argument ids leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Echosssy/CVE/blob/main/Dedecms%E6%9C%80%E6%96%B0%E7%89%88SQL%E6%B3%A8%E5%85%A5.docx • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •