
DedeCMS — Vulnerabilities & Security Advisories 46

All 46 CVE vulnerabilities found in DedeCMS, with AI-generated Chinese analysis, references, and POCs.

This page documents Common Weakness Enumeration vulnerabilities affecting DedeCMS, a widely used open-source content management system. It aggregates security flaw data associated with this specific software product, categorizing them by their underlying weakness types and severity levels to provide a comprehensive view of its attack surface. The collection encompasses publicly disclosed vulnerabilities spanning from the system’s initial release through recent patches, capturing the evolution of security issues over time. By examining this compiled data, researchers and system administrators can effectively track the vendor’s security advisories and patch release patterns to assess response times and remediation efficacy. Users can gain a deeper understanding of common weakness classes prevalent in the codebase, identifying recurring architectural or implementation flaws that contribute to multiple distinct CVE entries. Additionally, the page serves as a historical reference for the product’s vulnerability timeline, allowing stakeholders to analyze trends in bug discovery and resolution. This resource is designed to support informed decision-making regarding system updates, risk mitigation strategies, and compliance audits without requiring manual cross-referencing of numerous individual reports. The aggregation focuses on providing a structured, neutral overview of known defects, enabling technical teams to prioritize remediation efforts based on comprehensive historical context and collective security intelligence rather than isolated incident reports.

Vendor: n/a

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-10608 | DedeCMS carbuyaction.php RemoveXSS sql injection | CWE-89 | 7.3 | High | 2026-06-02 |
| CVE-2026-10607 | DedeCMS flink.php dede_htmlspecialchars sql injection | CWE-89 | 7.3 | High | 2026-06-02 |
| CVE-2026-10606 | DedeCMS Feedback feedback.php TrimMsg sql injection | CWE-89 | 7.3 | High | 2026-06-02 |
| CVE-2026-10581 | DedeCMS download.php base64_decode server-side request forgery | CWE-918 | 6.3 | Medium | 2026-06-02 |
| CVE-2025-15004 | DedeCMS freelist_main.php sql injection | CWE-89 | 6.3 | Medium | 2025-12-22 |
| CVE-2025-6335 | DedeCMS Template dedetag.class.php command injection | CWE-77 | 4.7 | Medium | 2025-06-20 |
| CVE-2025-5137 | DedeCMS Incomplete Fix CVE-2018-9175 sys_verifies.php code injection | CWE-94 | 4.7 | Medium | 2025-05-25 |
| CVE-2024-12183 | DedeCMS HTTP POST Request carbuyaction.php RemoveXSS cross site scripting | CWE-79 | 3.5 | Low | 2024-12-04 |
| CVE-2024-12182 | DedeCMS soft_add.php cross site scripting | CWE-79 | 3.5 | Low | 2024-12-04 |
| CVE-2024-12181 | DedeCMS SWF File uploads_add.php cross site scripting | CWE-79 | 3.5 | Low | 2024-12-04 |
| CVE-2024-12180 | DedeCMS article_add.php cross site scripting | CWE-79 | 3.5 | Low | 2024-12-04 |
| CVE-2024-11138 | DedeCMS friendlink_add.php unrestricted upload | CWE-434 | 2.7 | Low | 2024-11-12 |
| CVE-2024-9076 | DedeCMS article_string_mix.php os command injection | CWE-78 | 4.7 | Medium | 2024-09-22 |
| CVE-2024-6940 | DedeCMS article_template_rand.php code injection | CWE-94 | 4.7 | Medium | 2024-07-21 |
| CVE-2024-4790 | DedeCMS path traversal | CWE-24 | 4.3 | Medium | 2024-05-11 |
| CVE-2024-4594 | DedeCMS sys_safe.php cross-site request forgery | CWE-352 | 4.3 | Medium | 2024-05-07 |
| CVE-2024-4593 | DedeCMS sys_multiserv.php cross-site request forgery | CWE-352 | 4.3 | Medium | 2024-05-07 |
| CVE-2024-4592 | DedeCMS sys_group_edit.php cross-site request forgery | CWE-352 | 4.3 | Medium | 2024-05-07 |
| CVE-2024-4591 | DedeCMS sys_group_add.php cross-site request forgery | CWE-352 | 4.3 | Medium | 2024-05-07 |
| CVE-2024-4590 | DedeCMS sys_info.php cross-site request forgery | CWE-352 | 4.3 | Medium | 2024-05-07 |
| CVE-2024-4589 | DedeCMS mytag_edit.php cross-site request forgery | CWE-352 | 4.3 | Medium | 2024-05-07 |
| CVE-2024-4588 | DedeCMS mytag_add.php cross-site request forgery | CWE-352 | 4.3 | Medium | 2024-05-07 |
| CVE-2024-4587 | DedeCMS tpl.php cross-site request forgery | CWE-352 | 4.3 | Medium | 2024-05-07 |
| CVE-2024-4586 | DedeCMS shops_delivery.php cross-site request forgery | CWE-352 | 4.3 | Medium | 2024-05-07 |
| CVE-2024-4585 | DedeCMS member_type.php cross-site request forgery | CWE-352 | 4.3 | Medium | 2024-05-07 |
| CVE-2024-3686 | DedeCMS update_guide.php path traversal | CWE-24 | 4.3 | Medium | 2024-04-12 |
| CVE-2024-3685 | DedeCMS stepselect_main.php sql injection | CWE-89 | 6.3 | Medium | 2024-04-12 |
| CVE-2024-3148 | DedeCMS makehtml_archives_action.php sql injection | CWE-89 | 6.3 | Medium | 2024-04-02 |
| CVE-2024-3147 | DedeCMS makehtml_map.php cross-site request forgery | CWE-352 | 4.3 | Medium | 2024-04-02 |
| CVE-2024-3146 | DedeCMS makehtml_rss_action.php cross-site request forgery | CWE-352 | 4.3 | Medium | 2024-04-02 |
