SQL Injection Vulnerability in DedeCMS from DedeSoft
CVE-2023-27707

7.2 HIGH

Key Information:

Vendor: Dedecms
Status: Vendor
CVE Published: 16 March 2023

Summary

DedeCMS versions 5.7.106 and 5.7.160 are affected by a SQL injection vulnerability that can be exploited via the rank_* parameter in the /dede/group_store.php endpoint. This flaw allows remote attackers to execute arbitrary code, posing significant risks to data integrity and web application security. Proper sanitization and validation of user inputs are essential to mitigate the potential impact of this vulnerability.

References

CVSS V3.1

Score: 7.2
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
