Dedecms
SQL injection in DedeCMS up to version 5.7.118 via the orderby parameter in /freelist_main.php allows authenticated remote attackers to execute arbitrary SQL queries with low impact on confidentiality, integrity, and availability. Publicly available exploit code exists and the vulnerability requires valid user authentication (PR:L) to exploit, significantly limiting real-world risk despite network accessibility.
A vulnerability was found in DedeCMS 5.7.117. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable with low attack complexity. Public exploit code is available and no vendor patch is available.
Dedecms 5.71sp1 and earlier is vulnerable to URL redirect. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable with no authentication required and low attack complexity. No vendor patch is available.