Cross-Site Request Forgery Vulnerability in DedeCMS by DedeSoft
CVE-2022-43031

8.8HIGH

Key Information:

Vendor: Dedecms
Status: Dedecms
Vendor: CVE Published:; 9 November 2022

What is CVE-2022-43031?

DedeCMS version 6.1.9 is vulnerable to a Cross-Site Request Forgery (CSRF) exploit, enabling attackers to create new Administrator accounts and alter existing Admin passwords without proper authorization. This vulnerability poses significant security risks as it allows manipulation of sensitive administrative controls, potentially compromising the entire content management system.

References

https://github.com/cai-niao98/Dedecmsv6

https://gist.github.com/cai-niao98/77a7aa934492c2d651b37b...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 9, 2022
Vulnerability Reserved
Oct 17, 2022