) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
Search Parameters:
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:dedecms:dedecms:5.7:sp1:*:*:*:*:*:*
- CPE Name Search: true
There are 24 matching records.
Displaying matches 21 through 24.
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2018-7700 |
DedeCMS 5.7 has CSRF with an impact of arbitrary code execution, because the partcode parameter in a tag_test_action.php request can specify a runphp field in conjunction with PHP code. Published: March 27, 2018; 2:29:00 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
| CVE-2018-6910 |
DedeCMS 5.7 allows remote attackers to discover the full path via a direct request for include/downmix.inc.php or inc/inc_archives_functions.php. Published: February 13, 2018; 4:29:00 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2017-17731 |
DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php. Published: December 18, 2017; 12:29:00 AM -0500 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2017-17730 |
DedeCMS through 5.7 has SQL Injection via the logo parameter to plus/flink_add.php. Published: December 18, 2017; 12:29:00 AM -0500 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |