CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2023-27707
https://notcve.org/view.php?id=CVE-2023-27707
SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank_* parameter in the /dede/group_store.php endpoint. • https://srpopty.github.io/2023/02/27/DedeCMS-V5.7.160-Backend-SQLi-group • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-46442
https://notcve.org/view.php?id=CVE-2022-46442
dedecms <=V5.7.102 is vulnerable to SQL Injection. In sys_ sql_ n query.php there are no restrictions on the sql query. dedecms <=V5.7.102 es vulnerable a la inyección SQL. En sys_ sql_ n query.php no hay restricciones en la consulta SQL. • https://gist.github.com/yinfei6/f2b311374de4b4cec1dc22433d38c92a • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2022-35516
https://notcve.org/view.php?id=CVE-2022-35516
DedeCMS v5.7.93 - v5.7.96 was discovered to contain a remote code execution vulnerability in login.php. Se ha detectado que DedeCMS versiones v5.7.93 - v5.7.96, contienen una vulnerabilidad de ejecución de código remota en el archivo login.php. • https://github.com/whitehatl/Vulnerability/blob/main/web/dedecms/5.7.93/Login.poc.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2022-36216
https://notcve.org/view.php?id=CVE-2022-36216
DedeCMS v5.7.94 - v5.7.97 was discovered to contain a remote code execution vulnerability in member_toadmin.php. Se ha detectado que DedeCMS versiones v5.7.94 - v5.7.97, contienen una vulnerabilidad de ejecución de código remota en el archivo member_toadmin.php. • https://github.com/whitehatl/Vulnerability/blob/main/web/dedecms/5.7.94/member_toadmin.poc.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-34531
https://notcve.org/view.php?id=CVE-2022-34531
DedeCMS v5.7.95 was discovered to contain a remote code execution (RCE) vulnerability via the component mytag_ main.php. Se ha detectado que DedeCMS versión v5.7.95, contiene una vulnerabilidad de ejecución de código remota (RCE) por medio del componente mytag_ main.php • https://github.com/Airrudder/vuls/blob/main/dedecms/DedeCMS-v5.7.95-RCE.md •