CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2023-27707
https://notcve.org/view.php?id=CVE-2023-27707
SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank_* parameter in the /dede/group_store.php endpoint. • https://srpopty.github.io/2023/02/27/DedeCMS-V5.7.160-Backend-SQLi-group • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-46442
https://notcve.org/view.php?id=CVE-2022-46442
dedecms <=V5.7.102 is vulnerable to SQL Injection. In sys_ sql_ n query.php there are no restrictions on the sql query. dedecms <=V5.7.102 es vulnerable a la inyección SQL. En sys_ sql_ n query.php no hay restricciones en la consulta SQL. • https://gist.github.com/yinfei6/f2b311374de4b4cec1dc22433d38c92a • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2022-35516
https://notcve.org/view.php?id=CVE-2022-35516
DedeCMS v5.7.93 - v5.7.96 was discovered to contain a remote code execution vulnerability in login.php. Se ha detectado que DedeCMS versiones v5.7.93 - v5.7.96, contienen una vulnerabilidad de ejecución de código remota en el archivo login.php. • https://github.com/whitehatl/Vulnerability/blob/main/web/dedecms/5.7.93/Login.poc.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-30508
https://notcve.org/view.php?id=CVE-2022-30508
DedeCMS v5.7.93 was discovered to contain arbitrary file deletion vulnerability in upload.php via the delete parameter. Se ha detectado que DedeCMS versión v5.7.93, contiene una vulnerabilidad de eliminación arbitraria de archivos en el archivo upload.php por medio del parámetro delete • https://github.com/1security/Vulnerability/blob/master/web/dedecms/1.md • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •