
CVE-2024-3685 – DedeCMS stepselect_main.php SQL injection
https://notcve.org/view.php?id=CVE-2024-3685
12 Apr 2024 — A vulnerability, which was classified as critical, was found in DedeCMS 5.7.112-UTF8. Affected is an unknown function of the file stepselect_main.php. The manipulation of the argument ids leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Echosssy/CVE/blob/main/Dedecms%E6%9C%80%E6%96%B0%E7%89%88SQL%E6%B3%A8%E5%85%A5.docx • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-3147 – DedeCMS makehtml_map.php cross-site request forgery
https://notcve.org/view.php?id=CVE-2024-3147
02 Apr 2024 — A vulnerability classified as problematic was found in DedeCMS 5.7. This vulnerability affects unknown code of the file /src/dede/makehtml_map.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Hckwzh/cms/blob/main/15.md • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2024-3146 – DedeCMS makehtml_rss_action.php cross-site request forgery
https://notcve.org/view.php?id=CVE-2024-3146
02 Apr 2024 — A vulnerability classified as problematic has been found in DedeCMS 5.7. This affects an unknown part of the file /src/dede/makehtml_rss_action.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Hckwzh/cms/blob/main/14.md • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2024-3144 – DedeCMS makehtml_spec.php cross-site request forgery
https://notcve.org/view.php?id=CVE-2024-3144
02 Apr 2024 — A vulnerability was found in DedeCMS 5.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /src/dede/makehtml_spec.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. • https://github.com/Hckwzh/cms/blob/main/12.md • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2024-30946
https://notcve.org/view.php?id=CVE-2024-30946
02 Apr 2024 — DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /src/dede/co_do.php. • https://github.com/testgo1safe/cms/blob/main/1.md • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2024-30965
https://notcve.org/view.php?id=CVE-2024-30965
02 Apr 2024 — DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /src/dede/member_scores.php. • https://github.com/Fishkey1/cms/commit/e9d294951ab2dd85709f1d12ad4747f25d326b1b • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2024-29684
https://notcve.org/view.php?id=CVE-2024-29684
26 Mar 2024 — DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /src/dede/makehtml_homepage.php, allowing a remote attacker to execute arbitrary code. • https://github.com/iimiss/cms/blob/main/1.md • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2024-2823 – DedeCMS mda_main.php cross-site request forgery
https://notcve.org/view.php?id=CVE-2024-2823
22 Mar 2024 — A vulnerability has been found in DedeCMS 5.7 and classified as problematic. This vulnerability affects unknown code of the file /src/dede/mda_main.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/lcg-22266/cms/blob/main/1.md • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2024-2822 – DedeCMS vote_edit.php cross-site request forgery
https://notcve.org/view.php?id=CVE-2024-2822
22 Mar 2024 — A vulnerability, which was classified as problematic, was found in DedeCMS 5.7. This affects an unknown part of the file /src/dede/vote_edit.php. The manipulation of the argument aid leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/E1CHO/demo/blob/main/29.pdf • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2024-2821 – DedeCMS friendlink_edit.php cross-site request forgery
https://notcve.org/view.php?id=CVE-2024-2821
22 Mar 2024 — A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7. Affected by this issue is some unknown functionality of the file /src/dede/friendlink_edit.php. The manipulation of the argument id leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/0x1x02/CVE-2024-28213 • CWE-352: Cross-Site Request Forgery (CSRF)