File Upload Vulnerability in DedeCMS by Dede
CVE-2023-36298

8.8HIGH

Key Information:

Vendor: Dedecms
Status: Dedecms
Vendor: CVE Published:; 3 August 2023

Summary

DedeCMS version 5.7.109 contains a flaw that enables an attacker to exploit a file upload vulnerability, which may lead to remote code execution on the affected system. This vulnerability allows unauthorized users to upload malicious files, potentially compromising the integrity and confidentiality of the web server and any sensitive data it handles. Timely patching and secure configurations are essential to mitigate the risk posed by this vulnerability.

References

https://github.com/MentalityXt/Dedecms-v5.7.109-RCE

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 3, 2023
Vulnerability Reserved
Jun 21, 2023