CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2424 – DedeCMS config.php UpDateMemberModCache unrestricted upload
https://notcve.org/view.php?id=CVE-2023-2424
A vulnerability was found in DedeCMS 5.7.106 and classified as critical. Affected by this issue is the function UpDateMemberModCache of the file uploads/dede/config.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://gitee.com/xieqiangweb/cve/blob/master/dede/dedecms%20rce.md https://vuldb.com/?ctiid.227750 https://vuldb.com/?id.227750 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-30380
https://notcve.org/view.php?id=CVE-2023-30380
An issue in the component /dialog/select_media.php of DedeCMS v5.7.107 allows attackers to execute a directory traversal. • https://github.com/Howard512966/DedeCMS-v5.7.107-Directory-Traversal • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 2CVE-2023-27733
https://notcve.org/view.php?id=CVE-2023-27733
DedeCMS v5.7.106 was discovered to contain a SQL injection vulnerability via the component /dede/sys_sql_query.php. • https://github.com/Ephemeral1y/Vulnerability/blob/master/DedeCMS/5.7.98/DedeCMS-v5.7.98-RCE.md https://sha999-crypto.github.io/2023/02/28/Dedecms%20background%20SQL%20injection%20vulnerability • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.3EPSS: 5%CPEs: 1EXPL: 1CVE-2023-2059 – DedeCMS select_templets.php path traversal
https://notcve.org/view.php?id=CVE-2023-2059
A vulnerability was found in DedeCMS 5.7.87. It has been rated as problematic. Affected by this issue is some unknown functionality of the file uploads/include/dialog/select_templets.php. The manipulation leads to path traversal: '..\filedir'. • https://github.com/ATZXC-RedTeam/cve/blob/main/dedecms.md https://vuldb.com/?ctiid.225944 https://vuldb.com/?id.225944 • CWE-28: Path Traversal: '..\filedir' •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2056 – DedeCMS module_main.php GetSystemFile code injection
https://notcve.org/view.php?id=CVE-2023-2056
A vulnerability was found in DedeCMS up to 5.7.87 and classified as critical. This issue affects the function GetSystemFile of the file module_main.php. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://gitee.com/ashe-king/cve/blob/master/dedecms%20rce2.md https://vuldb.com/?ctiid.225941 https://vuldb.com/?id.225941 • CWE-94: Improper Control of Generation of Code ('Code Injection') •