SQL Injection Vulnerability in Dedecms by Dedecms Team
CVE-2022-46442

9.8CRITICAL

Key Information:

Vendor: Dedecms
Status: Dedecms
Vendor: CVE Published:; 27 December 2022

What is CVE-2022-46442?

Dedecms versions up to V5.7.102 are exposed to an SQL Injection vulnerability due to inadequate restrictions in the sql query execution in the sys_sql_n_query.php file. This flaw allows attackers to manipulate SQL queries, potentially leading to unauthorized data disclosure or modification. It is crucial for users of Dedecms to implement security measures and updates to mitigate these risks.

References

https://gist.github.com/yinfei6/f2b311374de4b4cec1dc22433...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 27, 2022
Vulnerability Reserved
Dec 5, 2022