CVE-2025-15004

Medium CVSS: 5.3

A vulnerability was identified in DedeCMS up to 5.7.118. This impacts an unknown function of the file /freelist_main.php. The manipulation of the argument orderby leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.

Vendor

Dedecms

Product

Dedecms

CWE

CWE-74

Yayın Tarihi

2025-12-22 01:16:05

Güncelleme

2025-12-31 15:50:09

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-74 Dedecms MEDIUM Dedecms 2025

Referanslar

https://note-hxlab.wetolink.com/share/JPq560c6F6tu https://vuldb.com/?ctiid.337710 https://vuldb.com/?id.337710 https://vuldb.com/?submit.717316

Benzer Kayıtlar

Critical

CVE-2026-30643

An issue was discovered in DedeCMS 5.7.118 allowing attackers to execute code via crafted setup tag values in a module u…

High

CVE-2026-29839

DedeCMS v5.7.118 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability in /sys_task_add.php.

Critical

CVE-2026-30694

An issue in DedeCMS v.5.7.118 and before allows a remote attacker to execute arbitrary code via the array_filter compone…

High

CVE-2024-30855

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /src/dede/makehtml_list_act…

Medium

CVE-2025-6335

A vulnerability was found in DedeCMS up to 5.7.2 and classified as critical. This issue affects some unknown processing…

Medium

CVE-2025-5137

A vulnerability was found in DedeCMS 5.7.117. It has been classified as critical. Affected is an unknown function of the…