File Upload Vulnerability in DedeCMS by DedeTech
CVE-2023-40784

9.8CRITICAL

Key Information:

Vendor: Dedecms
Status: Dedecms
Vendor: CVE Published:; 12 September 2023

What is CVE-2023-40784?

DedeCMS version 5.7.102 is prone to a file upload vulnerability through the module_make.php script. This weakness may allow unauthorized users to upload malicious files to the server, potentially leading to further compromises of the web application and server environment. Proper security measures should be implemented to mitigate this risk, including user input validation and file type restrictions.

References

https://www.cnblogs.com/SFYHAC/articles/17619123.html

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 12, 2023
Vulnerability Reserved
Aug 22, 2023

Dedecms

What is CVE-2023-40784?

References

CVSS V3.1

Timeline