Arbitrary File Upload Vulnerability in DedeCMS by DedeSoft
CVE-2023-43226

8.8HIGH

Key Information:

Vendor: Dedecms
Status: Dedecms
Vendor: CVE Published:; 28 September 2023

What is CVE-2023-43226?

An arbitrary file upload vulnerability exists in DedeCMS, specifically in the dede/baidunews.php component. This flaw permits attackers to upload specially crafted PHP files, thereby potentially leading to unauthorized code execution on the server. Users of DedeCMS versions 5.7.111 and earlier are especially at risk, making it crucial for administrators to apply patches and implement security measures to mitigate this threat.

References

https://github.com/zzq66/cve/

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 28, 2023
Vulnerability Reserved
Sep 18, 2023

Dedecms

What is CVE-2023-43226?

References

CVSS V3.1

Timeline