Arbitrary File Upload Vulnerability in DedeCMS by DedeSoft
CVE-2023-43226

8.8HIGH

Key Information:

Vendor: Dedecms
Status: Dedecms
Vendor: CVE Published:; 28 September 2023

Summary

An arbitrary file upload vulnerability exists in DedeCMS, specifically in the dede/baidunews.php component. This flaw permits attackers to upload specially crafted PHP files, thereby potentially leading to unauthorized code execution on the server. Users of DedeCMS versions 5.7.111 and earlier are especially at risk, making it crucial for administrators to apply patches and implement security measures to mitigate this threat.

References

https://github.com/zzq66/cve/

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 28, 2023
Vulnerability Reserved
Sep 18, 2023