Remote Code Execution Vulnerability in DedeCMS by DedeTech
CVE-2023-34842

9.8CRITICAL

Key Information:

Vendor: Dedecms
Status: Dedecms
Vendor: CVE Published:; 31 July 2023

What is CVE-2023-34842?

A vulnerability exists in DedeCMS up to version 5.7.109 that enables remote attackers to execute arbitrary code. This occurs through a crafted POST request aimed at the tpl.php endpoint, which can result in serious security breaches. It is crucial for users of affected versions to apply security measures and updates promptly to mitigate the risks associated with this vulnerability.

References

http://dedecms.com

https://www.dedecms.com/

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 31, 2023
Vulnerability Reserved
Jun 7, 2023

Dedecms

What is CVE-2023-34842?

References

CVSS V3.1

Timeline