CVE-2025-14648 | DedeBIZ up to 6.5.9 catalog_add.php command injection

Inserito da Angelo Barbosa | Dic 13, 2025 | CVE

A vulnerability, which was classified as critical, was found in DedeBIZ up to 6.5.9. Affected by this vulnerability is an unknown functionality of the file /src/admin/catalog_add.php. Such manipulation leads to command injection.

This vulnerability is referenced as CVE-2025-14648. It is possible to launch the attack remotely. Furthermore, an exploit is available.

CVE-2025-14648 | DedeBIZ up to 6.5.9 catalog_add.php command injection

Post correlati

CVE-2025-49460 | Zoom Workplace Desktop up to 6.4.x argument injection

CVE-2024-12239 | PowerPack Lite for Beaver Builder Plugin up to 1.3.0.5 on WordPress Navigate cross site scripting

CVE-2024-2712 | Campcodes Complete Online DJ Booking System 1.0 /admin/user-search.php searchdata sql injection

CVE-2024-11954 | Pimcore 11.4.2 Search Document cross site scripting (GHSA-xr3m-6gq6-22cg)