CVE-2023-5301 – DedeCMS album_add.php AddMyAddon OS command injection
https://notcve.org/view.php?id=CVE-2023-5301
A vulnerability classified as critical was found in DedeCMS 5.7.111. This vulnerability affects the function AddMyAddon of the file album_add.php. The manipulation of the argument albumUploadFiles leads to OS command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Lamber-maybe/cve/blob/main/DedeCMS%20V5.7.111%20Remote%20Code%20Execution%20Vulnerability.md https://vuldb.com/?ctiid.240940 https://vuldb.com/?id.240940 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-43226
https://notcve.org/view.php?id=CVE-2023-43226
An arbitrary file upload vulnerability in dede/baidunews.php in DedeCMS 5.7.111 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file. • https://github.com/zzq66/cve • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2023-5022 – DedeCMS select_templets_post.php absolute path traversal
https://notcve.org/view.php?id=CVE-2023-5022
A vulnerability has been found in DedeCMS up to 5.7.100 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /include/dialog/select_templets_post.php. The manipulation of the argument activepath leads to absolute path traversal. The associated identifier of this vulnerability is VDB-239863. • https://github.com/bayuncao/DEDEcms https://vuldb.com/?ctiid.239863 https://vuldb.com/?id.239863 • CWE-36: Absolute Path Traversal
CVE-2023-40784
https://notcve.org/view.php?id=CVE-2023-40784
DedeCMS 5.7.102 has a File Upload vulnerability via uploads/dede/module_make.php. • https://vulmon.com/vulnerabilitydetails?qid=CVE-2023-40784 https://www.cnblogs.com/SFYHAC/articles/17619123.html • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2023-4747 – DedeCMS tags.php SQL injection
https://notcve.org/view.php?id=CVE-2023-4747
A vulnerability classified as critical was found in DedeCMS 5.7.110. This vulnerability affects unknown code of the file /uploads/tags.php. The manipulation of the argument tag_alias leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/laoquanshi/cve https://github.com/laoquanshi/cve/blob/main/dedecms%20%20sql%20%20injection https://vuldb.com/?ctiid.238636 https://vuldb.com/?id.238636 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')