CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-40874
https://notcve.org/view.php?id=CVE-2023-40874
DedeCMS up to and including 5.7.110 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/vote_add.php via the votename and voteitem1 parameters. • https://github.com/DiliLearngent/BugReport/blob/main/php/DedeCMS/xss1.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-34842
https://notcve.org/view.php?id=CVE-2023-34842
Remote Code Execution vulnerability in DedeCMS through 5.7.109 allows remote attackers to run arbitrary code via crafted POST request to /dede/tpl.php. • http://dedecms.com https://www.dedecms.com • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2023-2928 – DedeCMS article_allowurl_edit.php code injection
https://notcve.org/view.php?id=CVE-2023-2928
A vulnerability was found in DedeCMS up to 5.7.106. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file uploads/dede/article_allowurl_edit.php. The manipulation of the argument allurls leads to code injection. The attack can be launched remotely. • https://github.com/CN016/DedeCMS-getshell-CVE-2023-2928- https://github.com/testwordpress123/cve/blob/main/dedecms.md https://vuldb.com/?ctiid.230083 https://vuldb.com/?id.230083 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2424 – DedeCMS config.php UpDateMemberModCache unrestricted upload
https://notcve.org/view.php?id=CVE-2023-2424
A vulnerability was found in DedeCMS 5.7.106 and classified as critical. Affected by this issue is the function UpDateMemberModCache of the file uploads/dede/config.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://gitee.com/xieqiangweb/cve/blob/master/dede/dedecms%20rce.md https://vuldb.com/?ctiid.227750 https://vuldb.com/?id.227750 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 2CVE-2023-27733
https://notcve.org/view.php?id=CVE-2023-27733
DedeCMS v5.7.106 was discovered to contain a SQL injection vulnerability via the component /dede/sys_sql_query.php. • https://github.com/Ephemeral1y/Vulnerability/blob/master/DedeCMS/5.7.98/DedeCMS-v5.7.98-RCE.md https://sha999-crypto.github.io/2023/02/28/Dedecms%20background%20SQL%20injection%20vulnerability • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •