CVE-2018-19061
https://notcve.org/view.php?id=CVE-2018-19061
DedeCMS 5.7 SP2 has SQL Injection via the dede\co_do.php ids parameter. • https://github.com/moonf1sh/moonf1sh.github.io/blob/master/2018/10/30/DedeCMS-V57-SQL%E6%B3%A8%E5%85%A5/index.html https://moonf1sh.github.io/2018/10/30/DedeCMS-V57-SQL%E6%B3%A8%E5%85%A5 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-18782
https://notcve.org/view.php?id=CVE-2018-18782
Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/myfriend.php ftype parameter. • https://github.com/ky-j/dedecms/issues/10 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-18781
https://notcve.org/view.php?id=CVE-2018-18781
DedeCMS 5.7 SP2 allows XSS via the /member/uploads_select.php f or keyword parameter. • https://github.com/ky-j/dedecms/issues/9 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-18608
https://notcve.org/view.php?id=CVE-2018-18608
DedeCMS 5.7 SP2 allows XSS via the function named GetPageList defined in the include/datalistcp.class.php file that is used to display the page numbers list at the bottom of some templates, as demonstrated by the PATH_INFO to /member/index.php, /member/pm.php, /member/content_list.php, or /plus/feedback.php. • https://github.com/ky-j/dedecms/files/2504649/Reflected.XSS.Vulnerability.exists.in.the.file.of.DedeCMS.V5.7.SP2.docx https://github.com/ky-j/dedecms/issues/8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-18578
https://notcve.org/view.php?id=CVE-2018-18578
DedeCMS 5.7 SP2 allows XSS via the plus/qrcode.php type parameter. • https://github.com/ky-j/dedecms/files/2500328/Reflected.XSS.Vulnerability.exists.in.the.file.of.DedeCMS.V5.docx https://github.com/ky-j/dedecms/issues/5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')